On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen <lists@xxxxxxxxxxxx> wrote:
> On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
>
>> On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen <lists@xxxxxxxxxxxx> wrote:
>>> After updating to Cuttlefish I was able to set up two rados gateways using distinct pools and users. (Thanks Yehuda!) Now I'd like to make it so the user for each gateway can only access its own pools and nothing else. The reasons include security and preventing foot-shooting.
>>>
>>> Instead of simply having this:
>>> caps osd = "allow rwx"
>>>
>>> I tried:
>>>
>>> caps osd = "allow class-read, allow pool .intent-log rwx, allow pool .log rwx, allow pool .rgw rwx, allow pool .rgw.buckets rwx, allow pool .rgw.control rwx, allow pool .rgw.gc rwx, allow pool .usage rwx, allow pool .users rwx, allow pool .users.email rwx, allow pool .users.swift rwx, allow pool .users.uid rwx"
>>
>> You'll need more than just class-read.
>
> Can you be more specific?
>

Try adding class-write.

Yehuda
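
An added example, not part of the original thread or of Ceph itself: a small Python audit that checks an OSD cap string against the pool list from John's message. The function names are hypothetical, the `pool=NAME` spelling is accepted alongside the form quoted in the thread, and the class-write check follows Yehuda's suggestion, which the thread does not confirm as sufficient.

```python
import re

# Pools listed in the cap string quoted in the thread.
RGW_POOLS = {".intent-log", ".log", ".rgw", ".rgw.buckets", ".rgw.control", ".rgw.gc",
             ".usage", ".users", ".users.email", ".users.swift", ".users.uid"}
# The poster's scoped attempt, rebuilt from the pool list above.
ATTEMPT = "allow class-read, " + ", ".join(f"allow pool {p} rwx" for p in sorted(RGW_POOLS))
# Constructed: the same string with the class-write grant suggested in the reply.
CANDIDATE = "allow class-write, " + ATTEMPT

POOL_FIRST = re.compile(r"allow\s+pool[\s=]+(\S+)\s+([rwx]+)$")  # form used in the thread
POOL_LAST = re.compile(r"allow\s+([rwx]+)\s+pool[\s=]+(\S+)$")   # "allow rwx pool=NAME"
UNSCOPED = re.compile(r"allow\s+(class-read|class-write|\*|[rwx]+)$")

def parse_osd_caps(caps):
    """Return ({pool: perms}, unscoped perms) for a comma-separated OSD cap string."""
    pools, unscoped = {}, set()
    for grant in filter(None, (g.strip() for g in caps.split(","))):
        if m := POOL_FIRST.match(grant):
            pools.setdefault(m[1], set()).update(m[2])
        elif m := POOL_LAST.match(grant):
            pools.setdefault(m[2], set()).update(m[1])
        elif m := UNSCOPED.match(grant):
            token = m[1]
            # Keep class-* and "*" as whole tokens; split "rwx" into letters.
            unscoped.update([token] if token.startswith("class-") or token == "*" else token)
        else:
            raise ValueError(f"unrecognised grant: {grant!r}")
    return pools, unscoped

def audit(caps, allowed_pools=RGW_POOLS):
    """List least-privilege findings for one gateway user's OSD caps."""
    pools, unscoped = parse_osd_caps(caps)
    if unscoped & {"r", "w", "x", "*"}:
        return ["unscoped grant: key can reach every pool"]
    findings = [f"grant on pool outside this gateway's set: {p}"
                for p in sorted(set(pools) - allowed_pools)]
    findings += [f"no grant for expected pool: {p}"
                 for p in sorted(allowed_pools - set(pools))]
    # Per the reply in the thread, class-read alone is not enough for the gateway.
    findings += [f"missing {c}" for c in ("class-read", "class-write") if c not in unscoped]
    return findings

if __name__ == "__main__":
    for label, caps in (("blanket", "allow rwx"), ("attempt", ATTEMPT), ("candidate", CANDIDATE)):
        print(label, audit(caps) or "ok")
```

With two gateways, call `audit` once per user and pass each gateway's own pool set as `allowed_pools`, so a grant that crosses into the other gateway's pools is reported.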