On Wed, May 23, 2012 at 1:51 AM, Frank <frankwoo.scc@xxxxxxxxx> wrote: > Hello > I have a question about ceph. > > When I mount ceph, I do the command as follow : > > # mount -t ceph -o name=admin,secret=XXXXXX 10.1.0.1:6789/ /mnt/ceph -vv > > now I create an user "foo" and make a secretkey by ceph-authtool like that : > > # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key > > then I add the key into ceph : > > # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i > /etc/ceph/keyring.bin > > so i can mount ceph by foo : > > # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv > > my question is if i don't want "foo" that has permission to mount 10.1.0.1:6789/ > > HOW TO DO IT? > > if there is a directory "foo" > > I want he can mount 10.1.0.1:6789:/foo/ > > but have no access to mount 10.1.0.1:6789:/ I'm afraid that's not an option with Ceph right now, that I'm aware of. It was built and designed for a trusted set of servers and clients, and while we're slowly carving out areas of security, this isn't one we've done yet. If it's an important feature for you, you should create a feature request in the tracker (tracker.newdream.net) for it, which we will prioritize and work on once we've moved to focus on the full filesystem. :) -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
