Re: Restrict cephx commands

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 2, 2016 at 9:40 AM, Василий Ангапов <angapov@xxxxxxxxx> wrote:
> Greg,
> Can you give us some examples of that?

Just looking at the header source, one of the examples is

'allow command foo', 'allow command bar with arg1=val1 arg2 prefix val2'

So you can do things like that. Substitute "auth create" or similar
for "foo" and "bar". :)


>
> 2016-03-02 19:34 GMT+03:00 Gregory Farnum <gfarnum@xxxxxxxxxx>:
>> On Tue, Mar 1, 2016 at 7:37 PM, chris holcombe
>> <chris.holcombe@xxxxxxxxxxxxx> wrote:
>>> Hey Ceph Users!
>>>
>>> I'm wondering if it's possible to restrict the ceph keyring to only
>>> being able to run certain commands.  I think the answer to this is no
>>> but I just wanted to ask.  I haven't seen any documentation indicating
>>> whether or not this is possible.  Anyone know?
>>
>> It *is* possible to create keyrings with access to certain commands on
>> the monitor. We make use of this with our bootstrap keyrings et al;
>> you can look at them for examples and see the code in
>> ceph/src/mon/MonCaps.* for how it works.
>> -Greg
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux