[LU-1519] discretionary access control overrides should be explicit Created: 13/Jun/12 Updated: 29/May/17 Resolved: 29/May/17 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.1.2 |
| Fix Version/s: | Lustre 2.4.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | John Hammond | Assignee: | John Hammond |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Severity: | 3 |
| Rank (Obsolete): | 4430 |
| Description |
|
Some ioctls enable overrides of discretionary access controls. Enabling this behavior should require an explicit action/configuration by the administrator. |
| Comments |
| Comment by John Hammond [ 13/Jun/12 ] |
|
Please see http://review.whamcloud.com/3104. |
| Comment by Peter Jones [ 18/Jun/12 ] |
|
Keith Can you please review the existing patch and create a test for it? Peter |
| Comment by Andreas Dilger [ 19/Sep/12 ] |
|
Per comments on the patch, I'd like a second patch to allow users that have read+execute permission on the whole path to be able to run fid2path. This matches the existing POSIX security model. This should be included with the test scripts, which of course need to use "$RUNAS" to not run as the root user. |