Posted to oak-issues@jackrabbit.apache.org by "Tomek Rękawek (JIRA)" <ji...@apache.org> on 2018/11/30 15:06:00 UTC

[jira] [Comment Edited] (OAK-7725) Allow to have the users and groups created in the immutable part of the composite setup

    [ https://issues.apache.org/jira/browse/OAK-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704863#comment-16704863 ] 

Tomek Rękawek edited comment on OAK-7725 at 11/30/18 3:05 PM:
--------------------------------------------------------------

[~anchela] - I haven't made any changes in the security-related code. The changes committed in r1847748 related to the Composite Node Store code - it now prevents creating cross-mount weak references, which is a good thing anyway. I should formulate the commit message better.

Let's discuss the approach on the Oak call.


was (Author: tomek.rekawek):
[~anchela] - I haven't made any changes in the security-related code. The changes committed in r1847748 related to the Composite Node Store code - it now prevents creating cross-mount weak references, which is a good thing anyway.

Let's discuss the approach on the Oak call.

> Allow to have the users and groups created in the immutable part of the composite setup
> ---------------------------------------------------------------------------------------
>
>                 Key: OAK-7725
>                 URL: https://issues.apache.org/jira/browse/OAK-7725
>             Project: Jackrabbit Oak
>          Issue Type: Story
>          Components: composite, security
>            Reporter: Tomek Rękawek
>            Assignee: Tomek Rękawek
>            Priority: Major
>             Fix For: 1.10, 1.9.13
>
>
> When running Oak with the Composite Node Store, the /home subtree is always stored in the mutable, global part. Therefore, even if we switch the immutable part (e.g. /libs), the users and groups are not affected.
> This setup makes sense for the users and groups created interactively. However, we also have the service users, which usually are not created interactively, but are part of the application and therefore are related to the /libs part. For such users, it'd make sense to include them dynamically, together with the application, read-only mount.
> The proposal is to allow some part of the /home (e.g. /home/service) to be mounted from the read-only partial node store. Let's consider the constraints we need to put in place (e.g. it shouldn't be possible to have inter-mount group memberships) and how we can implement this.


