Privilege Group Management
Create Privilege Group
Enter the Baidu AI Cloud CFS Service Management Console, click [Privilege Group] in the left navigation bar to enter the "CFS privilege group" page.
On the CFS privilege group page, click [Create Privilege Group], and set the privilege group name and description in the pop-up window to complete the creation of the privilege group.
The newly created authority group appears in the list of authority groups page, and supports the management and deletion of existing authority groups.
Add Privilege Group Rules
Click on the name of the privilege group to enter the details page of the privilege group, you can see a list of rule information, edit and delete existing rules.
Click [New Rule] to set the authorization address, authority, user range and priority of the authority group rule in the pop-up window to complete the creation of the authority group rule.
The specific description of the privilege group rule setting is as follows:
| Field | Description |
|---|---|
| Authorized address | Virtual machine VPC IP, and you can fill in a single IP or network segment, such as: 10.10.1.123 or 192.168.3.0/24. |
| Privilege | Read-only or read-write, restrict the authorized object's access to the file system. |
| User scope | Restrict the access rights of visiting users to the file system. 1) Unrestricted root user: root The user has access to the file system; 2) Restrict root users: root The user is mapped as an anonymous user when visiting; 3) Restrict all users: All users are mapped as anonymous users when visiting. Among them, anonymous users are the default users of the Linux system and can only access public content on the server. Note This privilege item is only valid for file system access of NFS protocol. File system of SMB/CIFS protocol does not support this privilege item, and it will not take effect after configuration. |
| Priority | The priority is an integer from 1 to 100. The smaller the number, the higher the priority. High priority rules override low priority rules; the default value is 1, which is the highest priority. Currently, multiple rules sharing the same priority are not supported. |
Apply Privilege Group Rules
Select the file system for which the privilege group needs to be configured, enter the file system details, and bind the privilege group for the mount point that needs to be configured. Two configuration methods are currently supported:
- When creating a new mount point, select the configured privilege group.
- The default privilege group is set when the mount point is created. After the privilege group is configured, click [Modify Privilege Group] operation in the mount point information list to configure the privilege group.