Cephfs: one ceph account per directory?

François Lafont <flafdivers@xxxxxxx> · Thu, 4 Jun 2015 16:25:43 +0200

Hi,

A Hammer cluster can provide only one Cephfs and my problem is about security.
Currently, if I want to share a Cephfs for 2 nodes foo-1 and foo-2 and another Cephfs for
2 another nodes bar-1 and bar-2, I just mount a dedicated directory in foo-1/foo-2 and
another dedicated directory in bar-1/bar-2. For instance, I put this line in the /etc/fstab
of foo-1 and foo-2:

    mon-1,mon-2,mon-3:/foo   /mnt   ceph   noatime,name=cephfs-account,secretfile=/etc/ceph/secret

And I put this line in the /etc/fstab of bar-1 and bar-2:

    mon-1,mon-2,mon-3:/bar   /mnt   ceph   noatime,name=cephfs-account,secretfile=/etc/ceph/secret

But as you can see, I use the same ceph account in foo-{1,2} and in bar-{1,2}.
So, for instance, if foo-1 is compromised because a bad person is root on this server,
the bad person can remove the content of /foo in Cephfs (ok, it's normal) but the
bad person can change the line in fstab to have:

    mon-1,mon-2,mon-3:/   /mnt   ceph   noatime,name=cephfs-account,secretfile=/etc/ceph/secret

and he can remove too the content of /bar/ in Cephfs (which is less acceptable ;)).

1. Can you confirm to me that currently it's impossible to restrict the read and
write access of a ceph account to a specific directory of a cephfs?

2. Is it planned to implement a such feature in a next release of Ceph?

3. Do you have workarounds to solve my problem of security? Of course, a solution could be
to install 2 different Ceph clusters with each its owned Cephfs but I can't (because it involves
to install new daemons monitors, mds etc. and this this not possible for me).

Thanks in advance for your help.
Regards.

-- 
François Lafont

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com