Ok, just discovered that with the fuse client, we have to add the '-r /path' option, to treat that as root. So I assume the caps 'mds allow r' is only needed if we also what to be able to mount the directory with the kernel client. Right? Best, Martin On Mon, Dec 5, 2016 at 1:20 PM, Martin Palma <martin@xxxxxxxx> wrote: > Hello, > > is it possible prevent cephfs client to mount the root of a cephfs > filesystem and browse through it? > > We want to restrict cephfs clients to a particular directory, but when > we define a specific cephx auth key for a client we need to add the > following caps: "mds 'allow r'" which then gives the client also the > possibility to mount the root for cephfs and inspect it. > > Are we missing something or is this by design? > > > Best, > Martin _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com