On Thu, Jan 15, 2015 at 9:44 AM, Sage Weil <sweil@xxxxxxxxxx> wrote:
> In addition (or instead of) making the API harder to fat-finger, we could
> also add a mon config option like
>
>     mon allow pool deletion = false
>
> that defaults off. Then, to delete any pool, you need to update ceph.conf
> and restart mons or inject the config option change (ceph daemon
> mon.`hostname` config set ... on the leader) or the API will give you
> EPERM.
>
> This offers some protection even for client.admin key users if we prevent
> injectargs for that option (maybe feasible) and they don't have access to
> the actual mon machine.

What would that buy us? Preventing injectargs on it would require mon
restarts, which is unfortunate — and makes it sound more like a
security feature than a safety blanket.
-Greg