At present, the only security permission on the MDS is "allowed to do stuff", so "rwx" and "*" are synonymous. In general "*" means "is an admin", though, so you'll be happier in the future if you use "rwx". You may also want a more restrictive set of monitor capabilities as somebody else recently pointed out, but [3] will give you the filesystem access you're looking for.
-Greg
Software Engineer #42 @ http://inktank.com | http://ceph.com

On Fri, Mar 28, 2014 at 9:40 AM, Travis Rhoden <trhoden@xxxxxxxxx> wrote:
> Hi Folks,
>
> What would be the right set of capabilities to set for a new client key that
> has access to CephFS only? I've seen a few different examples:
>
> [1] mds 'allow *' mon 'allow r' osd 'allow rwx pool=data'
> [2] mon 'allow r' osd 'allow rwx pool=data'
> [3] mds 'allow rwx' mon 'allow r' osd 'allow rwx pool=data'
>
> I'm inclined to go with [3]. [1] seems weird for using *, I like seeing rwx.
> Are these synonymous? [2] seems wrong because it doesn't include anything
> for MDS.
>
> - Travis
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
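
An added example, not part of the original thread and not Ceph's own code: a small Python check that parses capability specs written like options [1] to [3] above and flags a "*" grant or a spec with no mds entry. The function names, the OPTIONS table and the pool-restriction check are assumptions made for illustration.

```python
import shlex

# The three capability specs quoted in the thread, keyed by their labels.
OPTIONS = {
    1: "mds 'allow *' mon 'allow r' osd 'allow rwx pool=data'",
    2: "mon 'allow r' osd 'allow rwx pool=data'",
    3: "mds 'allow rwx' mon 'allow r' osd 'allow rwx pool=data'",
}


def parse_caps(spec):
    """Split "mds 'allow rwx' mon 'allow r' ..." into {service: [grant, ...]}."""
    tokens = shlex.split(spec)
    if len(tokens) % 2:
        raise ValueError("expected alternating <service> <cap string> pairs")
    caps = {}
    for service, cap in zip(tokens[0::2], tokens[1::2]):
        # One cap string may hold several comma-separated grants.
        caps[service] = [g.strip() for g in cap.split(",") if g.strip()]
    return caps


def review_cephfs_caps(spec):
    """Return a list of findings for a CephFS-only client key spec."""
    caps = parse_caps(spec)
    findings = []
    for service, grants in caps.items():
        for grant in grants:
            words = grant.split()
            if len(words) < 2 or words[0] != "allow":
                findings.append(f"{service}: unrecognised grant {grant!r}")
                continue
            if words[1] == "*":
                # Per the reply above, "*" generally means "is an admin".
                findings.append(f"{service}: wildcard '*', prefer explicit rwx")
            # Added check (not from the thread): osd grants should name a pool.
            if service == "osd" and not any(w.startswith("pool=") for w in words[2:]):
                findings.append("osd: grant is not restricted to a pool")
    if "mds" not in caps:
        # Option [2] in the thread: nothing listed for the MDS.
        findings.append("mds: no capability listed")
    return findings


if __name__ == "__main__":
    for label, spec in OPTIONS.items():
        print(f"[{label}]", review_cephfs_caps(spec) or "ok")
```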