Red Hat Enterprise Linux 5 Administration Unleashed

Using Access Control Lists 185Understanding Clustering and GFSIn some enterprise infrastructures, high-performance, reliable, scalable servers and sharedstorage are necessary, with minimal downtime. Although RAID offers redundancy andNFS offers shared storage, they have limitations. For example, NFS transfer and accessrates are slower than I/O to local disks and can have even slower rates depending on thenumber of simultaneous connections.The Red Hat Cluster Suite offers application failover across multiple servers. Commonservers that use clustering include web servers, database servers, and file servers such asGFS, or Global File Systems.GFS is a scalable shared storage solution with I/O performance comparable to local diskaccess. It is usually combined with clustering to provide even more reliable storage withfailover, redundancy, and simultaneous shared access to a GFS filesystem. Whencombined with clustering, the GFS filesystem is used on one or more file servers acting asthe storage pool accessed by all the cluster nodes via a Storage Area Network (SAN). Inaddition to its ability to scale to meet the storage needs of hundreds or more serverssimultaneously, the size of each GFS filesystem can be expanded while still in use.The easiest way to start using the Red Hat Cluster Suite and Red Hat GFS is to install thepackages from RHN using the Cluster Suite and GFS software channels. Refer to Chapter 3for details on installing all the packages from a child software channel.After installing the appropriate RPM packages, set up the cluster using the ClusterConfiguration Tool (system-config-cluster) before configuring GFS. The exact configurationof Cluster Suite and GFS depends on a great deal of factors including the needs ofyour infrastructure, budget allocated to the system group, amount of shared storageneeded plus extra for future expansion, and what type of application servers are to be runon the cluster servers. Refer to the Documentation and Knowledgebase sections ofredhat.com for detailed instructions.7Using Access Control ListsOn an ext3 filesystem, read, write, and execute permissions can be set for the owner ofthe file, the group associated with the file, and for everyone else who has access to thefilesystem. These files are visible with the ls -l command. Refer to Chapter 4,“Understanding Linux Concepts,” for information on reading standard file permissions.In most cases, these standard file permissions along with restricted access to mountingfilesystems are all that an administrator needs to grant file privileges to users and toprevent unauthorized users from accessing important files. However, when these basic filepermissions are not enough, access control lists, or ACLs, can be used on an ext3 filesystem.ACLs expand the basic read, write, and execute permissions to more categories of usersand groups. In addition to permissions for the owner and group for the file, ACLs allowfor permissions to be set for any user, any user group, and the group of all users not inthe group for the user. An effective rights mask, which is explained later, can also be setto restrict permissions.