Name: lustre_operator
Owner: Wellcome Trust Sanger Institute - Human Genetics Informatics
Description: Wrapper script to allow non-root users to run privileged lfs commands on particular Lustre filesystems (using sudo)
Created: 2013-11-10 13:20:09.0
Updated: 2016-10-18 20:08:15.0
Pushed: 2015-07-15 16:57:45.0
Homepage: null
Size: 252
Language: Perl
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Wrapper script to allow non-root users to run privileged lfs
commands on particular Lustre filesystems (http://lustre.org/)
It takes as its first two arguments the path to the lfs
binary and the mount point of a Lustre filesystem and it
will only allow lfs
commands to run against that filesystem. It is intended with use along with sudo
, as the sudoers
file can specify that individual users or groups can run this wrapper script against a limited set of Lustre
filesystems specifically listed.
Currently wraps up the functionality of the lfs quota
(as getquota
), lfs setquota
, and lfs find
commands.
In addition to the standard lfs
command functionality, the wrapper also adds some additional features:
getquota
and setquota
both accept multiple users/groups on the command linesetquota
command checks current quotas before setting and refuses to set if the change would put an under-quota user/group over quota (without a --force=*
)getquota
parses the output of lfs quota
and outputs it in one of several customisable machine- and human-readable formats (including JSON
, TSV
, & CSV
)Up-to-date usage information can be found in the inline perldocs (perldoc lustre_operator
) or by
running lustre_operator
with no arguments or with --help
.
No configuration is required to run the lustre_operator command as a normal user or for users who already have
root or full sudo access. Such users can still benefit from the setquota
over-quota check and from the sane
output formats that lustre_operator
offers.
However, the main strength of lustre_operator
is that it structures the command-line arguments in such a way
that it can easily be used to allow a set of users to perform quota and find operations on a particular Lustre
filesystem (or set of filesystems).
For example, the following sudoers
snippet would allow the user opuser1
to run getquota
, setquota
,
and find
operations as root on /mnt/lustre01
:
er1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01
You could add multiple filesystems like this:
er1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01,\
/usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre02,\
/usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre03
You can also include the subcommands in the sudoers line:
er1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01 getquota,\
er1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01 find
Users might find it annoying to have to type /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01
before
they can get to the meat of the command, but a shell alias can easily address that issue.