On Wed, Mar 2, 2016 at 9:40 AM, Василий Ангапов <angapov@xxxxxxxxx> wrote: > Greg, > Can you give us some examples of that? Just looking at the header source, one of the examples is 'allow command foo', 'allow command bar with arg1=val1 arg2 prefix val2' So you can do things like that. Substitute "auth create" or similar for "foo" and "bar". :) > > 2016-03-02 19:34 GMT+03:00 Gregory Farnum <gfarnum@xxxxxxxxxx>: >> On Tue, Mar 1, 2016 at 7:37 PM, chris holcombe >> <chris.holcombe@xxxxxxxxxxxxx> wrote: >>> Hey Ceph Users! >>> >>> I'm wondering if it's possible to restrict the ceph keyring to only >>> being able to run certain commands. I think the answer to this is no >>> but I just wanted to ask. I haven't seen any documentation indicating >>> whether or not this is possible. Anyone know? >> >> It *is* possible to create keyrings with access to certain commands on >> the monitor. We make use of this with our bootstrap keyrings et al; >> you can look at them for examples and see the code in >> ceph/src/mon/MonCaps.* for how it works. >> -Greg >> _______________________________________________ >> ceph-users mailing list >> ceph-users@xxxxxxxxxxxxxx >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |