ceph client capabilities for the rados gateway

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello.

The documentation which I found proposes to create the ceph client 
for a rados gateway with very global capabilities, namely
"mon allow rwx, osd allow rwx". 

Are there any reasons for these very global capabilities (allowing 
this client to access and modify (even remove) all pools, all rbds, 
etc., event thiose in use vy other ceph clients? I tried to restrict 
the rights, and my rados gateway seems to work with 
capabilities "mon allow r, osd allow rwx pool=.rgw.root, allow rwx 
pool=a.root, allow rwx pool=am.rgw.control [etc. for all the pools 
which this gateway uses]" 

Are there any reasons not to restrict the capabilities in this way?

Thank you.
-- 
Diedrich Ehlerding, Fujitsu Technology Solutions GmbH, 
MIS ITST CE PS&IS WST, Hildesheimer Str 25, D-30880 Laatzen
Fon +49 511 8489-1806, Fax -251806, Mobil +49 173 2464758
Firmenangaben: http://de.ts.fujitsu.com/imprint.html

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux