Can you share a link describing the UID squashing feature?
On Mar 3, 2016 9:02 PM, "Gregory Farnum" <gfarnum@xxxxxxxxxx> wrote:
On Wed, Mar 2, 2016 at 11:22 PM, Fred Rolland <frolland@xxxxxxxxxx> wrote:
> Thanks for your reply.
>
> Server :
> [root@ceph-1 ~]# rpm -qa | grep ceph
> ceph-mon-0.94.1-13.el7cp.x86_64
That would be a Hammer release. Nothing there for doing anything with
permission checks at all.
-Greg
> ceph-radosgw-0.94.1-13.el7cp.x86_64
> ceph-0.94.1-13.el7cp.x86_64
> ceph-osd-0.94.1-13.el7cp.x86_64
> ceph-deploy-1.5.25-1.el7cp.noarch
> ceph-common-0.94.1-13.el7cp.x86_64
> [root@ceph-1 ~]# uname -a
> Linux ceph-1.qa.lab.tlv.redhat.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29
> 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> Client:
> [root@RHEL7 ~]# rpm -qa | grep ceph
> ceph-fuse-0.94.6-0.el7.x86_64
> python-cephfs-0.94.6-0.el7.x86_64
> libcephfs1-0.94.6-0.el7.x86_64
> ceph-common-0.94.6-0.el7.x86_64
> ceph-0.94.6-0.el7.x86_64
>
> [root@RHEL7 ~]# uname -a
> Linux RHEL7.1Server 3.10.0-229.26.1.el7.x86_64 #1 SMP Fri Dec 11 16:53:27
> EST 2015 x86_64 x86_64 x86_64 GNU/Linux
>
>
> [root@RHEL7 ~]# su - sanlock -s /bin/bash
> Last login: Wed Mar 2 14:06:34 IST 2016 on pts/0
> -bash-4.2$ whoami
> sanlock
> -bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
> touch: cannot touch ‘/rhev/data-center/mnt/ceph-1.qa.lab:6789:_1111/test’:
> Permission denied
>
>
> [root@RHEL7 ~]# su - vdsm -s /bin/bash
> Last login: Wed Mar 2 12:19:11 IST 2016 on pts/1
> -bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
> -bash-4.2$ rm /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
> -bash-4.2$
>
> Permissions of directory :
> ll
> total 0
> drwxr-xr-x 1 vdsm kvm 0 Mar 2 14:08 1111
>
>
>
> On Wed, Mar 2, 2016 at 6:25 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
>>
>> On Wed, Mar 2, 2016 at 4:21 AM, Fred Rolland <frolland@xxxxxxxxxx> wrote:
>> > Hi,
>> >
>> > I am trying to use CEPH FS in oVirt (RHEV).
>> > The mount is created OK, however, the hypervisor need access to the
>> > mount
>> > from different users (eg: vdsm, sanlock)
>> > It seems that Sanlock user is having permissions issues.
>> >
>> > When using NFS, configuring the export as all_squash and defining
>> > anonuid/anongid will solve this problem [1].
>> >
>> > Is there a possibility to configure in Ceph FS an equivalent to NFS
>> > all_squash/anonuid/anongid ?
>>
>> What version of Ceph are you running? Newer versions have added a
>> security model and include *some* UID squashing features, but prior to
>> Infernalis, CephFS didn't do any security checking at all (it was all
>> client-side in the standard VFS).
>> -Greg
>
>
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
