On Wed, Aug 23, 2017 at 3:13 PM, Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote: > > > ceph fs authorize cephfs client.bla /bla rw > > Will generate a user with these permissions > > [client.bla] > caps mds = "allow rw path=/bla" > caps mon = "allow r" > caps osd = "allow rw pool=fs_data" > > With those permissions I cannot mount, I get a permission denied, until > I change the permissions to eg. These: > > caps mds = "allow r, allow rw path=/bla" > caps mon = "allow r" > caps osd = "allow rwx pool=fs_meta,allow rwx pool=fs_data" > > Are these the minimum required permissions for mounting? I guess this > should also be updated for ceph fs authorize? I'm guessing you're using an older kernel client -- the older client always tries to read the / inode even if it is mounting a subpath, so needed that "allow r" workaround. I don't think there's a neat way to accommodate that with the new "fs authorize" hotness, but this probably deserves a little warning box in the documentation. John > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |