Posted On: May 25, 2022
Amazon FSx for Lustre, a service that provides cost-effective, high-performance, and scalable file storage for compute workloads, now supports root squash. This administrative feature adds an additional layer of file access control on top of the current network-based access control and POSIX file permissions that FSx for Lustre provides. Using the root squash feature, you can restrict root level file system access from clients that access an FSx for Lustre file system as root.
IT administrators often give users root access on their compute instances to perform privileged operations such as changing system configurations or installing and removing software. However, for instances attached to a Linux based file system, such as FSx for Lustre, a user who is granted root access also gets full access to files on the file system, which may not be desirable for certain scenarios. With root squash enabled, you can continue to give users root access to instances attached to an FSx for Lustre file system, while limiting file system permissions to those of a less-privileged user and group.
The root squash feature is available at no additional cost on all Amazon FSx for Lustre file systems in all AWS Regions where FSx for Lustre is available. For more information about this new feature, see the Amazon FSx for Lustre documentation.