GlusterFS makes it possible with auth.ssl-allow option to allow or deny access to given volumes for a given client, identified by its SSL certificate, but the access is global: either the client has access to the entire volume, or not.
It also has support for ACLs for individual directories, but the ACLs rely on user names, and not SSL certificates. In other words, if a given machine is compromised, nothing prevents an attacker from creating an account with a given name to access specific directories.
Is there a way to restrict access to the given directories to the clients, specified by their certificate's CN?
