Hi Doug,
Here is the output:
[kwolter@um-test03 ~]$ sudo ceph auth get client.kwolter_test1
exported keyring for client.kwolter_test1
[client.kwolter_test1]
key = <removed>
caps mds = "allow r, allow rw path=/user/ uid=100026"
caps mon = "allow r"
caps osd = "allow rw pool=cephfs_osiris, allow rw pool=cephfs_users"
[kwolter@um-test03 ~]$
As for the logs, the only lines I get are about the ceph-fuse being mounted.
2017-11-02 14:45:53.246388 7f72d7a9e040 0 ceph version 12.2.1 (<removed>) luminous (stable), process (unknown), pid 3454195
2017-11-02 14:45:53.247947 7f72d7a9e040 0 pidfile_write: ignore empty --pid-file
2017-11-02 14:45:53.251078 7f72d7a9e040 -1 init, newargv = 0x55e035f524c0 newargc=9
Thanks,
Keane
On Thu, Nov 2, 2017 at 2:42 PM, Douglas Fuller <dfuller@xxxxxxxxxx> wrote:
Hi Keane,
Could you include the output of
ceph auth get client.kwolter_test1
Also, please take a look at your MDS log and see if you see an error from the file access attempt there.
Thanks,
—Doug
> On Nov 2, 2017, at 2:24 PM, Keane Wolter <wolterk@xxxxxxxxx> wrote:
>
> Hi Doug,
>
> Here is my current mds line I have for my user: caps: [mds] allow r, allow rw path=/user/ uid=100026. My results are as follows when I mount:
> sudo ceph-fuse --id=kwolter_test1 -k ./ceph.client.kwolter_test1.keyring -r /user/kwolter --client-die-on-failed- remount=false ceph
> ceph-fuse[3453714]: starting ceph client
> ceph-fuse[3453714]: starting fuse
> [kwolter@um-test03 ~]$
>
> I then get a permission denied when I try to add anything to the mount, even though I have matching UIDs:
> [kwolter@um-test03 ~]$ touch ceph/test.txt
> touch: cannot touch ‘ceph/test.txt’: Permission denied
> [kwolter@um-test03 ~]$ sudo touch ceph/test.txt
> touch: cannot touch ‘ceph/test.txt’: Permission denied
> [kwolter@um-test03 ~]$
>
> Thanks,
> Keane
>
> On Thu, Nov 2, 2017 at 1:15 PM, Douglas Fuller <dfuller@xxxxxxxxxx> wrote:
> Hi Keane,
>
> path= has to come before uid=
>
> mds “allow r, allow rw path=/user uid=100026, allow rw path=/project"
>
> If that doesn’t work, could you send along a transcript of your shell session in setting up the ceph user, mounting the file system, and attempting access?
>
> Thanks,
> —Doug
>
> > On Nov 1, 2017, at 2:06 PM, Keane Wolter <wolterk@xxxxxxxxx> wrote:
> >
> > I have ownership of the directory /user/kwolter on the cephFS server and I am mounting to ~/ceph, which I also own.
> >
> > On Wed, Nov 1, 2017 at 2:04 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> > Which directory do you have ownership of? Keep in mind your local filesystem permissions do not get applied to the remote CephFS mount...
> >
> > On Wed, Nov 1, 2017 at 11:03 AM Keane Wolter <wolterk@xxxxxxxxx> wrote:
> > I am mounting a directory under /user which I am the owner of with the permissions of 700. If I remove the uid=100026 option, I have no issues. I start having issues as soon as the uid restrictions are in place.
> >
> > On Wed, Nov 1, 2017 at 1:05 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> > Well, obviously UID 100026 needs to have the normal POSIX permissions to write to the /user path, which it probably won't until after you've done something as root to make it so...
> >
> > On Wed, Nov 1, 2017 at 9:57 AM Keane Wolter <wolterk@xxxxxxxxx> wrote:
> > Acting as UID 100026, I am able to successfully run ceph-fuse and mount the filesystem. However, as soon as I try to write a file as UID 100026, I get permission denied, but I am able to write to disk as root without issue. I am looking for the inverse of this. I want to write changes to disk as UID 100026, but not as root. From what I understood in the email at http://lists.ceph.com/pipermail/ceph-users-ceph.com/ , I should be able to do so with the following cephx caps set to "caps: [mds] allow r, allow rw path=/user uid=100026". Am I wrong with this assumption or is there something else at play I am not aware of?2017-February/016173.html
> >
> > Thanks,
> > Keane
> >
> > On Wed, Oct 25, 2017 at 5:52 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> >
> > On Mon, Oct 23, 2017 at 5:03 PM Keane Wolter <wolterk@xxxxxxxxx> wrote:
> > Hi Gregory,
> >
> > I did set the cephx caps for the client to:
> >
> > caps: [mds] allow r, allow rw uid=100026 path=/user, allow rw path=/project
> >
> > So you’ve got three different permission granting clauses here:
> > 1) allows the client to read anything
> > 2) allows the client to act as uid 100026 in the path /user
> > 3) allows the user to do any read or write (as any user) in path /project
> >
> >
> > caps: [mon] allow r
> > caps: [osd] allow rw pool=cephfs_osiris, allow rw pool=cephfs_users
> >
> > Keane
> >
> > On Fri, Oct 20, 2017 at 5:35 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> > What did you actually set the cephx caps to for that client?
> >
> > On Fri, Oct 20, 2017 at 8:01 AM Keane Wolter <wolterk@xxxxxxxxx> wrote:
> > Hello all,
> >
> > I am trying to limit what uid/gid a client is allowed to run as (similar to NFS' root squashing). I have referenced this email, http://lists.ceph.com/pipermail/ceph-users-ceph.com/ , with no success. After generating the keyring, moving it to a client machine, and mounting the filesystem with ceph-fuse, I am still able to create files with the UID and GID of root.2017-February/016173.html
> >
> > Is there something I am missing or can do to prevent root from working with a ceph-fuse mounted filesystem?
> >
> > Thanks,
> > Keane
> > wolterk@xxxxxxxxx
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph. com
> >
> >
> >
> >
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph. com
>
>
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
