Lustre supports the standard Linux ACL tools, setfacl, getfacl, and the historical chacl, normally installed with the ACL package.
ACL support is a system-wide feature: ACLs are either enabled for all clients or for none. You cannot specify which clients should enable ACLs.
Using ACLs with Lustre
Lustre supports POSIX Access Control Lists (ACLs). An ACL consists of file entries representing permissions based on standard POSIX file system object permissions that define three classes of user (owner, group and other). Each class is associated with a set of permissions [read (r), write (w) and execute (x)].
- Owner class permissions define access privileges of the file owner.
- Group class permissions define access privileges of the owning group.
- Other class permissions define access privileges of all users not in the owner or group class.
The ls -l command displays the owner, group, and other class permissions in the first column of its output (for example, -rw-r----- for a regular file with read and write access for the owner class, read access for the group class, and no access for others).
Minimal ACLs have three entries. Extended ACLs have more than the three entries. Extended ACLs also contain a mask entry and may contain any number of named user and named group entries.
ACLs on a Lustre file system work exactly like ACLs on any Linux file system. They are manipulated with the standard tools in the standard manner. Below, I create a directory and allow a specific user to access it.
Get the ACLs for /home/usera:

    [usera@login-damiana ~]# lfs lgetfacl /home/usera
    # file: home/usera
    # owner: usera
    # group: users
    user::rwx
    group::---
    other::---

Set new (read+access) ACLs for user:apache on /home/usera:

    [usera@login-damiana ~]# lfs lsetfacl -m user:apache:rx /home/usera
    [usera@login-damiana ~]# lfs lgetfacl /home/usera
    # file: home/usera
    # owner: usera
    # group: users
    user::rwx
    user:apache:r-x
    group::---
    mask::r-x
    other::---
User apache now has access to /home/usera, which was created by usera with group ownership users. Check the man page for further advice.
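An added example, not part of the original page: a small Python audit of getfacl-style output that lists the named user and group entries (the ones that make an ACL extended) together with the permissions each effectively gets once the mask entry is applied. The sample text is constructed from the listing above, and the function names are illustrative.

```python
# Added example: audit getfacl-style text for named ACL entries.
# SAMPLE is constructed from the listing on this page; names are illustrative.
SAMPLE = """\
# file: home/usera
# owner: usera
# group: users
user::rwx
user:apache:r-x
group::---
mask::r-x
other::---
"""

def parse_acl(text):
    """Return (header dict, [(tag, qualifier, perms)]) from getfacl output."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition(":")
            header[key.strip()] = value.strip()
            continue
        line = line.split("#", 1)[0].strip()  # drop "#effective:..." notes
        fields = line.split(":")
        if len(fields) != 3:  # blank lines and default: (inheritance) entries
            continue
        entries.append(tuple(fields))
    return header, entries

def effective(perms, mask):
    """Keep a permission bit only if the mask also grants it."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))

def audit(text):
    """Return (file, [(tag, name, granted, effective)]) for named entries."""
    header, entries = parse_acl(text)
    mask = next((p for t, _, p in entries if t == "mask"), None)
    named = []
    for tag, name, perms in entries:
        if tag in ("user", "group") and name:  # named entries make an ACL extended
            eff = effective(perms, mask) if mask else perms
            named.append((tag, name, perms, eff))
    return header.get("file"), named

if __name__ == "__main__":
    path, named = audit(SAMPLE)
    for tag, name, granted, eff in named:
        print(f"{path}: {tag} {name} granted={granted} effective={eff}")
```

Running it over saved getfacl output for a directory tree gives a quick list of every account that has access beyond the owner, group and other classes.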
quota [-q] [-v] [-o obd_uuid|-i mdt_idx|-I ost_idx] [-u|-g <uname>|<uid>|<gname>|<gid>] <filesystem>
Displays disk usage and limits, either for the full file system or for objects on a specific obd. A user or group name or an ID can be specified. If both user and group are omitted, quotas for the current uid/gid are shown. -v provides more verbose output (with per-obd statistics). -q disables printing of additional descriptions (including column titles).
quota -t <-u|-g> <filesystem>
Displays block and inode grace times for user (-u) or group (-g) quotas.
[usera@login-damiana ~]$ lfs quota -q /home