On Wed, 23 May 2012, Gregory Farnum wrote: > On Wed, May 23, 2012 at 1:51 AM, Frank <frankwoo.scc@xxxxxxxxx> wrote: > > Hello > > I have a question about ceph. > > > > When I mount ceph, I do the command as follow : > > > > # mount -t ceph -o name=admin,secret=XXXXXX 10.1.0.1:6789/ /mnt/ceph -vv > > > > now I create an user "foo" and make a secretkey by ceph-authtool like that : > > > > # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key > > > > then I add the key into ceph : > > > > # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i > > /etc/ceph/keyring.bin > > > > so i can mount ceph by foo : > > > > # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv > > > > my question is if i don't want "foo" that has permission to mount 10.1.0.1:6789/ > > > > HOW TO DO ITÿÿ > > > > if there is a directory "foo" > > > > I want he can mount 10.1.0.1:6789:/foo/ > > > > but have no access to mount 10.1.0.1:6789:/ > > I'm afraid that's not an option with Ceph right now, that I'm aware > of. It was built and designed for a trusted set of servers and > clients, and while we're slowly carving out areas of security, this > isn't one we've done yet. > If it's an important feature for you, you should create a feature > request in the tracker (tracker.newdream.net) for it, which we will > prioritize and work on once we've moved to focus on the full > filesystem. :) http://tracker.newdream.net/issues/1237 (tho the final config will probably not look like that; suggestions welcome.) sage
