2011/8/17 Tommi Virtanen <tommi.virtanen@xxxxxxxxxxxxx>:
> This seems to be possible with Ceph as it is now, but it is definitely
> not the normal setup. As in, test carefully and understand you're
> going off the beaten path.

This feature combo is now in the tracker as
http://tracker.newdream.net/issues/1401

Summarizing the IRC conversation that came up after the initial email:

- MISSING functionality: nothing currently prevents customerA from
  running find /customerB and seeing all the file metadata, or even
  root@customerA from running rm -rf /customerB; the pool access
  control only protects the file contents, and if the uids overlap,
  the files are really considered to have the same owner

- there's also a concept of "auid" that may be relevant; it is used
  for e.g. noting rados pool owners, and can be used in the caps to do
  a bit of abstraction like 'read and write any pool with
  owner=my_auid', instead of needing to list the pools explicitly