[PVFS-developers] Determine true user/group on manager in calls
from kernel module?
Rob Ross
rross at mcs.anl.gov
Mon Aug 30 11:52:52 EDT 2004
Hi Stuart,
The (I think) obvious thing to do would be to start sending the real
process's uid/gid in the request rather than root. That will require
adding fields to the pvfs_upcall to hold them. Otherwise that is probably
relatively straight-forward.
I predict though that you'll uncover a new set of permission bugs in the
process, not because I know of any but because there are just so many more
things that the kernel does that require the permission checking to be
right on the mgr in this new case. As is, we rely on the client to have
done the right thing in making these decisions.
Anyway, that's my only warning.
Rob
On Mon, 30 Aug 2004, Stuart White wrote:
> We would like to begin logging file accesses on pvfs (opens, deletions,
> etc...). This seems simple enough - we can simply log the requests as
> they are received by the manager.
>
> The tricky part is this: we want to keep track of the userid that
> performs these operations. Since all requests from the pvfs kernel
> module are sent as root, it is not immediately obvious how to log the
> actual userid performing the operation.
>
> Before we begin considering some rather invasive changes to support
> this requirement, I wanted to throw this out to the list to solicit
> feedback. How would you recommend logging pvfs file accesses
> (including the actual userid)?
>
> Thanks!
More information about the PVFS-developers
mailing list