[OAK-7725] Allow to have the users and groups created in the immutable part of the composite setup - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Story
Status: Resolved
Priority: Major
Resolution: Abandoned
Affects Version/s: None
Fix Version/s: None
Component/s: composite, security
Labels:
None

Description

When running the Oak with Composite Node Store, the /home subtree is always stored in the mutable, global part. Therefore, even if we switch the immutable part (eg. /libs), the users and groups are not affected.

This setup makes sense for the users and groups created interactively. However, we also have the service users, which usually are not created interactively, but are part of the application and therefore are related to the /libs part. For such users, it'd make sense to include them dynamically, together with the application, read-only mount.

The proposal is to allow some part of the /home (eg. /home/service) to be mounted from the read-only partial node store. Let's consider the constraints we need to put in place (eg. it shouldn't be possible to have inter-mounts group memberships) and how we can implement this.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-7725-tests.patch
14/Dec/18 10:00
10 kB
Tomek Rękawek

Issue Links

is related to

OAK-7926 ACLs for the mounted principal should use the mounted permission store

Resolved

OAK-7931 Don't allow for weak references between mounts

Closed

Activity

People

Assignee:: Tomek Rękawek

Reporter:: Tomek Rękawek

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 31/Aug/18 11:08

Updated:: 01/Oct/20 14:37

Resolved:: 01/Oct/20 14:37