That's not an option any more, since malicious clients can fake it so easily. :( On Wednesday, May 23, 2012 at 10:35 PM, FrankWOO Su wrote: > So in this version, can i do some settings about mount command limited by IP ? > > any example ?? > > Thanks > -Frank > > 2012/5/24 Sage Weil <sage@xxxxxxxxxxx (mailto:sage@xxxxxxxxxxx)> > > On Wed, 23 May 2012, Gregory Farnum wrote: > > > On Wed, May 23, 2012 at 1:51 AM, Frank <frankwoo.scc@xxxxxxxxx (mailto:frankwoo.scc@xxxxxxxxx)> wrote: > > > > Hello > > > > I have a question about ceph. > > > > > > > > When I mount ceph, I do the command as follow : > > > > > > > > # mount -t ceph -o name=admin,secret=XXXXXX 10.1.0.1:6789/ (http://10.1.0.1:6789/) /mnt/ceph -vv > > > > > > > > now I create an user "foo" and make a secretkey by ceph-authtool like that : > > > > > > > > # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key > > > > > > > > then I add the key into ceph : > > > > > > > > # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i > > > > /etc/ceph/keyring.bin > > > > > > > > so i can mount ceph by foo : > > > > > > > > # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ (http://10.1.0.1:6789/) /mnt/ceph -vv > > > > > > > > my question is if i don't want "foo" that has permission to mount 10.1.0.1:6789/ (http://10.1.0.1:6789/) > > > > > > > > HOW TO DO ITÿÿ > > > > > > > > if there is a directory "foo" > > > > > > > > I want he can mount 10.1.0.1:6789:/foo/ > > > > > > > > but have no access to mount 10.1.0.1:6789:/ > > > > > > I'm afraid that's not an option with Ceph right now, that I'm aware > > > of. It was built and designed for a trusted set of servers and > > > clients, and while we're slowly carving out areas of security, this > > > isn't one we've done yet. > > > If it's an important feature for you, you should create a feature > > > request in the tracker (tracker.newdream.net (http://tracker.newdream.net)) for it, which we will > > > prioritize and work on once we've moved to focus on the full > > > filesystem. :) > > > > > > http://tracker.newdream.net/issues/1237 > > > > (tho the final config will probably not look like that; suggestions > > welcome.) > > > > sag -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
