On Thu, Oct 12, 2017 at 11:12 AM, Frank Yu <flyxiaoyu@xxxxxxxxx> wrote:
> Hi,
> I have a ceph cluster with three nodes, and I have a cephfs using pools
> cephfs_data and cephfs_metadata, and there's also an rbd pool named
> 'rbd-test'.
>
> # rados lspools
> .rgw.root
> default.rgw.control
> default.rgw.meta
> default.rgw.log
> cephfs_data
> cephfs_metadata
> default.rgw.buckets.index
> default.rgw.buckets.data
> rbd-test
>
> Then I add a user named cephfs-ct, which has 'rw' permission on pool
> 'rbd-test' only.
>
> # ceph auth add client.cephfs-ct mon 'allow rw' osd 'allow rw pool=rbd-test' mds 'allow rw'
> added key for client.cephfs-ct
>
> # ceph auth ls |grep client.cephfs-ct -A4
> installed auth entries:
>
> client.cephfs-ct
> key:AQDIPd9ZyXcTLBAAvcG82SFL3wOBAMLMcrJxMA==
> caps: [mds] allow rw
> caps: [mon] allow rw
> caps: [osd] allow rw pool=rbd-test
>
> Then I try to mount cephfs with this user cephfs-ct on another host, and try
> to do some write operations.
>
> # mount -t ceph HOST:6789:/ /mnt/ceph/ -o name=cephfs-ct,secret=AQDIPd9ZyXcTLBAAvcG82SFL3wOBAMLMcrJxMA==
> # touch /mnt/ceph/testceph
> # ll /mnt/ceph/testceph
> -rw-r--r-- 1 root root 0 Oct 12 18:04 /mnt/ceph/testceph
>
> So my question: user cephfs-ct should have no write permission on pool
> cephfs_data, which means I shouldn't be able to write data under mountpoint
> /mnt/ceph/? Or am I wrong?

Because your client has "allow rw" mds permissions, it can read and
write all metadata, such as listing a directory. If you tried to put
some data in a file and sync it, you would find that failed.

John

>
> thanks
>
> --
> Regards
> Frank Yu

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
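
An added example, not part of the thread: a small auditor for the cap mismatch discussed above, where a client holds write-capable mds caps but its osd caps do not cover the CephFS data pool, so metadata operations such as `touch` succeed while file data cannot be written. It assumes `ceph auth ls` style input and only simple grants of the form `allow <rwx|*> [pool=<name>]`; the sample text, its placeholder keys and the `client.cephfs-ok` entry are constructed.

```python
import re

# Constructed sample in the layout of the `ceph auth ls` output quoted above.
# Keys are placeholders; client.cephfs-ok is a hypothetical second user.
SAMPLE = """\
installed auth entries:

client.cephfs-ct
    key: <placeholder>
    caps: [mds] allow rw
    caps: [mon] allow rw
    caps: [osd] allow rw pool=rbd-test
client.cephfs-ok
    key: <placeholder>
    caps: [mds] allow rw
    caps: [mon] allow r
    caps: [osd] allow rw pool=cephfs_data
"""

ENTITY = re.compile(r"^[a-z]+\.\S+$")
CAP = re.compile(r"^caps:\s*\[(\w+)\]\s*(.+)$")
# Assumption: only simple grants of the form "allow <rwx|*> [pool=<name>]".
GRANT = re.compile(r"^allow\s+([rwx*]+)(?:\s+pool=(\S+))?$")

def parse_auth(text):
    """Return {entity: {service: cap string}}."""
    entities, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        cap = CAP.match(line)
        if ENTITY.match(line):
            current = line
            entities[current] = {}
        elif cap and current:
            entities[current][cap.group(1)] = cap.group(2).strip()
    return entities

def can_write(caps, pool=None):
    """True if any grant allows write, either unrestricted or on `pool`."""
    for grant in caps.split(","):
        m = GRANT.match(grant.strip())
        if m and ("w" in m.group(1) or "*" in m.group(1)):
            if m.group(2) is None or m.group(2) == pool:
                return True
    return False

def audit(text, data_pool):
    """Entities that can write CephFS metadata but not file data."""
    return [name for name, caps in parse_auth(text).items()
            if can_write(caps.get("mds", "")) and not can_write(caps.get("osd", ""), data_pool)]

if __name__ == "__main__":
    print(audit(SAMPLE, "cephfs_data"))
```

Grants using profiles, namespaces or other cap syntax are not matched by this sketch and are treated as granting no write access.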