UID/GID Mapping

Introduction
With Nodemap, the UIDs, GIDs and PROJIDs provided by remote clients can be mapped onto a local set of UIDs, GIDs and PROJIDs for storage in the filesystem. Non-overlapping ranges of UIDs, GIDs and PROJIDs in the filesystem can then be used to serve different subsets of users.

The Nodemap functionality also allows restricting client sub-groups to mount only a specific subdirectory tree of the filesystem, rather than the whole filesystem (Subdirectory Mount).

You may find Nodemaps useful if:

 * You need to prevent UID, GID, and PROJID collisions between clients in different administrative domains
 * Two or more partner organizations would like to share data in the same filesystem
 * You need to limit access from a partner site
 * You need to limit administrator/root access to the filesystem
 * You need to force clients to mount the filesystem read-only
 * You need to specify a subdirectory for clients (e.g. multi-tenancy)
 * You want to selectively enable audit logging for clients
 * You want to selectively enable client-side data encryption
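
The following is an added example, not Lustre code and not part of the original page: a Python model of the ID mapping described in the introduction, used to check planned per-site UID ranges for overlap in filesystem ID space before nodemaps are configured. The class names, site names, ID values and the squash fallback for unmapped IDs are assumptions made for this example.

```python
# Added illustration: a planning model of nodemap-style UID mapping, not Lustre code.
from dataclasses import dataclass


@dataclass(frozen=True)
class IdRange:
    client_start: int  # first UID as presented by the remote client
    fs_start: int      # first UID as stored in the filesystem
    count: int         # number of consecutive IDs covered

    def fs_span(self):
        return range(self.fs_start, self.fs_start + self.count)


@dataclass
class Nodemap:
    name: str
    uid_ranges: list
    squash_uid: int    # assumption: client UIDs with no mapping fall back to this ID

    def to_fs(self, client_uid):
        """Translate a client-side UID to the UID stored in the filesystem."""
        for r in self.uid_ranges:
            if r.client_start <= client_uid < r.client_start + r.count:
                return r.fs_start + (client_uid - r.client_start)
        return self.squash_uid


def find_collisions(nodemaps):
    """Return (map_a, map_b, first_uid, last_uid) for each pair of nodemaps
    whose filesystem-side UID ranges overlap."""
    spans = [(nm.name, r.fs_span()) for nm in nodemaps for r in nm.uid_ranges]
    hits = []
    for i, (name_a, a) in enumerate(spans):
        for name_b, b in spans[i + 1:]:
            lo, hi = max(a.start, b.start), min(a.stop, b.stop)
            if name_a != name_b and lo < hi:
                hits.append((name_a, name_b, lo, hi - 1))
    return hits


# Constructed sample: two partner sites that both use client UIDs 1000-1999.
SITE_A = Nodemap("site_a", [IdRange(1000, 100000, 1000)], squash_uid=65534)
SITE_B = Nodemap("site_b", [IdRange(1000, 200000, 1000)], squash_uid=65534)
# Constructed misconfiguration: its filesystem range overlaps site_a's.
SITE_C = Nodemap("site_c", [IdRange(500, 100500, 1000)], squash_uid=65534)

if __name__ == "__main__":
    print(SITE_A.to_fs(1500), SITE_B.to_fs(1500))    # same client UID, distinct stored UIDs
    print(find_collisions([SITE_A, SITE_B, SITE_C]))  # reports the site_a/site_c overlap
```

A collision reported here means users from two administrative domains would own each other's files once stored, which is the situation the first list item above is meant to prevent.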

Resources

 * IU UID/GID Mapping Feature (LU-3291)
 * OpenSFS Contract SFS-DEV-002
 * UID-GID Scope Statement v2
 * UID-GID Solution Architecture
 * UID-GID High Level Design

Presentations

 * Multi-tenancy: real-life implementation (LUG 2018)
 * Securing Lustre with Nodemap and Shared Key (Lustre Ecosystem 2016)
 * Using UID Mapping in Lustre 2.7 and GSS Shared Key Update (LUG 2015)