On Thu, Mar 3, 2016 at 11:05 AM, Lincoln Bryant <lincolnb@xxxxxxxxxxxx> wrote: > Also very interested in this if there are any docs available! > > --Lincoln > >> On Mar 3, 2016, at 1:04 PM, Fred Rolland <frolland@xxxxxxxxxx> wrote: >> >> Can you share a link describing the UID squashing feature? You know what, we'd discussed adding this but I think in the end we didn't. Sorry to get your hopes up, guys! -Greg >> >> On Mar 3, 2016 9:02 PM, "Gregory Farnum" <gfarnum@xxxxxxxxxx> wrote: >> On Wed, Mar 2, 2016 at 11:22 PM, Fred Rolland <frolland@xxxxxxxxxx> wrote: >> > Thanks for your reply. >> > >> > Server : >> > [root@ceph-1 ~]# rpm -qa | grep ceph >> > ceph-mon-0.94.1-13.el7cp.x86_64 >> >> That would be a Hammer release. Nothing there for doing anything with >> permission checks at all. >> -Greg >> >> > ceph-radosgw-0.94.1-13.el7cp.x86_64 >> > ceph-0.94.1-13.el7cp.x86_64 >> > ceph-osd-0.94.1-13.el7cp.x86_64 >> > ceph-deploy-1.5.25-1.el7cp.noarch >> > ceph-common-0.94.1-13.el7cp.x86_64 >> > [root@ceph-1 ~]# uname -a >> > Linux ceph-1.qa.lab.tlv.redhat.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29 >> > 17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux >> > >> > Client: >> > [root@RHEL7 ~]# rpm -qa | grep ceph >> > ceph-fuse-0.94.6-0.el7.x86_64 >> > python-cephfs-0.94.6-0.el7.x86_64 >> > libcephfs1-0.94.6-0.el7.x86_64 >> > ceph-common-0.94.6-0.el7.x86_64 >> > ceph-0.94.6-0.el7.x86_64 >> > >> > [root@RHEL7 ~]# uname -a >> > Linux RHEL7.1Server 3.10.0-229.26.1.el7.x86_64 #1 SMP Fri Dec 11 16:53:27 >> > EST 2015 x86_64 x86_64 x86_64 GNU/Linux >> > >> > >> > [root@RHEL7 ~]# su - sanlock -s /bin/bash >> > Last login: Wed Mar 2 14:06:34 IST 2016 on pts/0 >> > -bash-4.2$ whoami >> > sanlock >> > -bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test >> > touch: cannot touch ‘/rhev/data-center/mnt/ceph-1.qa.lab:6789:_1111/test’: >> > Permission denied >> > >> > >> > [root@RHEL7 ~]# su - vdsm -s /bin/bash >> > Last login: Wed Mar 2 12:19:11 IST 2016 on pts/1 >> > -bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test >> > -bash-4.2$ rm /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test >> > -bash-4.2$ >> > >> > Permissions of directory : >> > ll >> > total 0 >> > drwxr-xr-x 1 vdsm kvm 0 Mar 2 14:08 1111 >> > >> > >> > >> > On Wed, Mar 2, 2016 at 6:25 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote: >> >> >> >> On Wed, Mar 2, 2016 at 4:21 AM, Fred Rolland <frolland@xxxxxxxxxx> wrote: >> >> > Hi, >> >> > >> >> > I am trying to use CEPH FS in oVirt (RHEV). >> >> > The mount is created OK, however, the hypervisor need access to the >> >> > mount >> >> > from different users (eg: vdsm, sanlock) >> >> > It seems that Sanlock user is having permissions issues. >> >> > >> >> > When using NFS, configuring the export as all_squash and defining >> >> > anonuid/anongid will solve this problem [1]. >> >> > >> >> > Is there a possibility to configure in Ceph FS an equivalent to NFS >> >> > all_squash/anonuid/anongid ? >> >> >> >> What version of Ceph are you running? Newer versions have added a >> >> security model and include *some* UID squashing features, but prior to >> >> Infernalis, CephFS didn't do any security checking at all (it was all >> >> client-side in the standard VFS). >> >> -Greg >> > >> > >> _______________________________________________ >> ceph-users mailing list >> ceph-users@xxxxxxxxxxxxxx >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |