wtsi-hgi/lustre_operator

Name: lustre_operator

Owner: Wellcome Trust Sanger Institute - Human Genetics Informatics

Description: Wrapper script to allow non-root users to run privileged lfs commands on particular Lustre filesystems (using sudo)

Created: 2013-11-10 13:20:09.0

Updated: 2016-10-18 20:08:15.0

Pushed: 2015-07-15 16:57:45.0

Homepage: null

Size: 252

Language: Perl

README

lustre_operator

Wrapper script to allow non-root users to run privileged lfs commands on particular Lustre filesystems (http://lustre.org/)

It takes as its first two arguments the path to the lfs binary and the mount point of a Lustre filesystem, and it only allows lfs commands to run against that filesystem. It is intended for use with sudo, as the sudoers file can specify that individual users or groups may run this wrapper script against a specifically listed, limited set of Lustre filesystems.

Currently wraps up the functionality of the lfs quota (as getquota), lfs setquota, and lfs find commands.
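
The restriction described above (a pinned lfs path and mount point, then a limited set of subcommands) can be enforced along the lines of the following Python example, which is added here for illustration and is not lustre_operator's own Perl code. The argument layout, the names contained and build_argv, and the rule that any argument containing "/" is treated as a path are assumptions, since the README does not show how the script validates its arguments.

```python
import os

# Wrapper subcommand -> lfs verb; the README names getquota, setquota and find.
ALLOWED = {"getquota": "quota", "setquota": "setquota", "find": "find"}

def contained(mount, path):
    """Return path canonicalised; raise if it resolves outside mount (canonical)."""
    real = os.path.realpath(path)  # collapses '..' and follows symlinks
    # commonpath compares whole components, so /mnt/lustre010 is not treated as
    # being under /mnt/lustre01, which a plain string-prefix test would allow.
    if os.path.commonpath([mount, real]) != mount:
        raise PermissionError(f"{path!r} is outside {mount}")
    return real

def build_argv(args):
    """Validate [lfs, mount, subcommand, *rest] and return the argv to execute."""
    if len(args) < 3:
        raise ValueError("usage: LFS MOUNT SUBCOMMAND [ARGS...]")
    lfs, mount, sub, *rest = args
    if not (os.path.isabs(lfs) and os.path.isabs(mount)):
        raise ValueError("lfs binary and mount point must be absolute paths")
    if sub not in ALLOWED:
        raise PermissionError(f"subcommand {sub!r} is not allowed")
    if sub == "find" and not rest:
        raise ValueError("find needs a directory under the mount point")
    mount = os.path.realpath(mount)
    checked = []
    for i, arg in enumerate(rest):
        # Assumed policy: find's first argument is its search root, and any
        # other argument containing '/' is treated as a path.
        if (sub == "find" and i == 0) or "/" in arg:
            arg = contained(mount, arg)
        checked.append(arg)
    if sub == "find":
        return [lfs, "find", *checked]
    # quota and setquota take the filesystem last; the wrapper supplies it, so
    # the caller never chooses which filesystem is queried or modified.
    return [lfs, ALLOWED[sub], *checked, mount]

if __name__ == "__main__":
    # Constructed invocation, using the paths and user from the sudoers example.
    print(build_argv(["/usr/bin/lfs", "/mnt/lustre01", "getquota", "-u", "opuser1"]))
```

The returned list is meant to be executed directly (for example with os.execv), so no shell ever interprets the user's arguments.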

In addition to the standard lfs command functionality, the wrapper also adds some additional features:

Usage

Up-to-date usage information can be found in the inline perldocs (perldoc lustre_operator) or by running lustre_operator with no arguments or with --help.

Configuration

No configuration is required to run the lustre_operator command as a normal user or for users who already have root or full sudo access. Such users can still benefit from the setquota over-quota check and from the sane output formats that lustre_operator offers.

However, the main strength of lustre_operator is that it structures the command-line arguments in such a way that it can easily be used to allow a set of users to perform quota and find operations on a particular Lustre filesystem (or set of filesystems).

For example, the following sudoers snippet would allow the user opuser1 to run getquota, setquota, and find operations as root on /mnt/lustre01:

opuser1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01

You could add multiple filesystems like this:

opuser1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01,\
                                /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre02,\
                                /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre03

You can also include the subcommands in the sudoers line:

opuser1 ALL = (root) NOPASSWD : /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01 getquota,\
                                /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01 find

Users might find it annoying to have to type /usr/local/bin/lustre_operator /usr/bin/lfs /mnt/lustre01 before they can get to the meat of the command, but a shell alias can easily address that issue.


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.