Mirror
/
mergerfs
mirror of https://github.com/trapexit/mergerfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1249 Commits
31 Branches
95 Tags
39 MiB
Tree: 174e703d2e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '174e703d2e'
${ noResults }
mergerfs/mkdocs/docs/faq/recommendations_and_warning...

49 lines
2.5 KiB
Raw Normal View History

add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
Rework mkdocs based documentation Lots of restructoring and extra information.
3 weeks ago
add mkdocs Initial commit of a mkdocs based docs setup
3 weeks ago
  1. # Recommendations and Warnings
  3. ## What should mergerfs NOT be used for?
  5. - databases: Even if the database stored data in separate files
  6. (mergerfs wouldn't offer much otherwise) the higher latency of the
  7. indirection will really harm performance. If it is a lightly used
  8. sqlite3 database then it should be fine.
  9. - VM images: For the same reasons as databases. VM images are accessed
  10. very aggressively and mergerfs will introduce a lot of extra latency.
  11. - As replacement for RAID: mergerfs is just for pooling branches. If
  12. you need that kind of device performance aggregation or high
  13. availability you should stick with RAID. However, it is fine to put
  14. a filesystem which is on a RAID setup in mergerfs.
  17. ## It's mentioned that there are some security issues with mhddfs. What are they? How does mergerfs address them?
  19. [mhddfs](https://github.com/trapexit/mhddfs) manages running as
  20. `root` by calling
  21. [getuid()](https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319)
  22. and if it returns `0` then it will
  23. [chown](http://linux.die.net/man/1/chown) the file. Not only is that a
  24. race condition but it doesn't handle other situations. Rather than
  25. attempting to simulate POSIX ACL behavior the proper way to manage
  26. this is to use [seteuid](http://linux.die.net/man/2/seteuid) and
  27. [setegid](http://linux.die.net/man/2/setegid), in effect, becoming the
  28. user making the original call, and perform the action as them. This is
  29. what mergerfs does and why mergerfs should always run as root.
  31. In Linux setreuid syscalls apply only to the thread. glibc hides this
  32. away by using realtime signals to inform all threads to change
  33. credentials. Taking after Samba, mergerfs uses
  34. `syscall(SYS_setreuid,...)` to set the callers credentials for that
  35. thread only. Jumping back to `root` as necessary should escalated
  36. privileges be needed (for instance: to clone paths between
  37. filesystems).
  39. For non-Linux systems, mergerfs uses a read-write lock and changes
  40. credentials only when necessary. If multiple threads are to be user X
  41. then only the first one will need to change the processes
  42. credentials. So long as the other threads need to be user X they will
  43. take a readlock allowing multiple threads to share the
  44. credentials. Once a request comes in to run as user Y that thread will
  45. attempt a write lock and change to Y's credentials when it can. If the
  46. ability to give writers priority is supported then that flag will be
  47. used so threads trying to change credentials don't starve. This isn't
  48. the best solution but should work reasonably well assuming there are
  49. few users.