Dear all,
I am trying to follow the instructions at:
to restrict a client to a subdirectory of Ceph filesystem, but always get an error.
We are running the latest stable release of Ceph (v12.2.1) on CentOS 7 servers. The user 'hydra' has the following capabilities:
# ceph auth get client.hydra
exported keyring for client.hydra
[client.hydra]
key = AQxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
caps mds = "allow rw"
caps mgr = "allow r"
caps mon = "allow r"
caps osd = "allow rw"
When I tried to restrict the client to only mount and work within the directory /hydra of the Ceph filesystem 'pulpos', I got an error:
# ceph fs authorize pulpos client.hydra /hydra rw
Error EINVAL: key for client.dong exists but cap mds does not match
I've tried a few combinations of user caps and CephFS client caps; but always got the same error!
Has anyone able to get this to work? What is your recipe?
Thanks,
Shaw
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
