On Mon, Jul 2, 2012 at 4:44 AM, Wido den Hollander <wido@xxxxxxxxx> wrote: > Hi, > > > On 02-07-12 13:41, Florian Haas wrote: >> >> Hi everyone, >> >> radosgw(8) states that the following capabilities must be granted to >> the user that radosgw uses to connect to RADOS. >> >> ceph-authtool -n client.radosgw.gateway --cap mon 'allow r' --cap osd >> 'allow rwx' --cap mds 'allow' /etc/ceph/keyring.radosgw.gateway >> >> Could someone explain why we need an "mds 'allow'" in here? I thought >> only CephFS clients talked to MDSs, and at first glance configuring >> client.radosgw.gateway without any MDS capability seems not to break >> anything (at least with my limited S3 tests). Am I missing something? >> > > You are not allowing the RADOS Gateway to do anything on the MDS. > > There is no 'r', 'w' or 'x' permission which you are allowing. So there is > nothing the rgw has access to on the MDS. Actually, that is an MDS cap — it's the "allow" cap, and that's all that the MDS checks right now. But it is indeed completely unnecessary for the MDS. (Thanks for the doc fix, Florian!) -Greg -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
