[Security_sig] [Fwd: Re: [nfsv4] [Storage_sig] NFSv4 testing project status: NFS USe Case: Administration]

Mary Edie Meredith maryedie at osdl.org
Mon Aug 29 17:49:56 PDT 2005

Something went by me today I thought would be interesting to share with
this group.  The original email thread below started with a use case
posting for NFS V4 - the case being for a Render Server Compute Farm.
The whole thing is posted at the following URL, if you are interested
(not necessary for my questions).

Anyway, during the discussion, the following issue was raised regarding
the security needs expressed by a potential NFS V4 user ---- a Linux
security capability question about system admin role separation. Since
we have identified the need in our use cases, it occurred to me to ask
if Linux has a gap in this area (I admit ignorance).

Please see below:

-------- Forwarded Message --------
> From: Bryce Harrington <bryce at osdl.org>
> To: Tony Reix <tony.reix at bull.net>
> Cc: Mary Edie Meredith <maryedie at osdl.org>, NFSv4 mailing List
> <nfsv4 at linux-nfs.org>
> Subject: Re: [nfsv4] [Storage_sig] NFSv4 testing project status: NFS
> USe Case: Administration
> Date: Fri, 26 Aug 2005 10:44:51 -0700
> On Fri, Aug 26, 2005 at 03:40:43PM +0200, Tony Reix wrote:
> > About the "System Administrator" part, I'm interested by the sentence:
> > 
> >         "..., the system administration is handled via tools that allow
> >         scaling to hundreds or thousands of servers."
> > 
> > I think it is a key problem for this kind of large use of NFSv4:
> > facilitate the management of many systems using NFSv4.
> > 
From: Bryce Harrington <bryce at osdl.org>

> ... when talking to the folks at Lawrence Livermore,
> they mentioned the need for an administrative tool to perform remote
> checking/setting of ACLs.  Presently, (if I understood right) the
> administrator would need to log into each machine individually.  They
> also mentioned that it would be nice if this could be done in a way that
> the administrator could be given access for updating ACLs on remote
> machines, without needing to be given the root passwords on those
> machines, sort of an "Administrative Identity".  It wasn't certain if
> this could be done on Linux, but they'd seen this sort of thing on other
> kinds of systems and liked having it.

So this seemed to me to be the administrative role separation we talked
about.  Can it be done?  How much work is it?  Do we have a capability
gap, I guess is my question.

> Another area where it sounded like they had administrative tool needs
> was in the area of tuning.  They use several different NFS servers, for
> different purposes, and would like to easily tune each to its particular
> needs.  For example, one tuned to provide large capacity, high
> performance scratch space by turning off all features that cause
> performance degradation (including security, etc.)  

What do you think of that use case (--:

> Another set up for
> archival of data, tuned for high integrity and ease of searching rather
> than raw performance.  Another for sharing access to engineering and
> administrative tools (where access control, delegations, etc. become
> most important), etc.
