Re: cephx key for CephFS access only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At present, the only security permission on the MDS is "allowed to do
stuff", so "rwx" and "*" are synonymous. In general "*" means "is an
admin", though, so you'll be happier in the future if you use "rwx".
You may also want a more restrictive set of monitor capabilities as
somebody else recently pointed out, but [3] will give you the
filesystem access you're looking for.
-Greg
Software Engineer #42 @ http://inktank.com | http://ceph.com


On Fri, Mar 28, 2014 at 9:40 AM, Travis Rhoden <trhoden@xxxxxxxxx> wrote:
> Hi Folks,
>
> What would be the right set of capabilities to set for a new client key that
> has access to CephFS only?  I've seen a few different examples:
>
> [1] mds 'allow *' mon 'allow r' osd 'allow rwx pool=data'
> [2] mon 'allow r' osd 'allow rwx pool=data'
> [3] mds 'allow rwx' mon 'allow r' osd 'allow rwx pool=data'
>
> I'm inclined to go with [3]. [1] seems weird for using *, I like seeing rwx.
> Are these synonymous? [2] seems wrong because it doesn't include anything
> for MDS.
>
> - Travis
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux