Hi,
On 01/11/2017 12:39 PM, Boris Mattijssen wrote:
Hi Brukhard,
Thanks for your answer. I've tried two things now:
* ceph auth get-or-create client.boris mon 'allow r' mds 'allow r
path=/, allow rw path=/boris' osd 'allow rw pool=cephfs_data'. This is
according to your suggestion. I am however now still able to mount the
root path and read all containing subdirectories.
So 'allow r path=/' matches subdirectories, too (which makes sense).
* ceph auth get-or-create client.boris mon 'allow r' mds 'allow rw
path=/boris' osd 'allow rw pool=cephfs_data'. So now I disallowed
reading the root at all. I am however now not able to mount the fs
(even when using the -r /boris) flag.
That's what I meant by you need access to the root directory for
mounting subdirectories. ceph-fuse or kcephfs has to be able to resolve
the 'boris' subdirectory to its inode ID and thus needs read access to
the root directory.
So to make it clear, I want to limit a given client (boris in this
case) to only read an write to a given subdirectory of the root
(/boris in this case).
And now I'm curious how to do it properly ;-) May be one of the
developers can shed some light on it.
Regards,
Burkhard
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
