Hi all,

I am playing with limiting client access to certain subdirectories of cephfs running latest 12.2.4 and latest centos 7.4 kernel, both using kernel client and fuse.

I am following http://docs.ceph.com/docs/luminous/cephfs/client-auth/:

To completely restrict the client to the

    ceph fs authorize cephfs client.foo /bar rw

When I mount this directory with fuse, this works. When I try to mount the subdirectory directly with the kernel client, I get

    mount error 13 = Permission denied

This only seems to work when the root is readable.

--> Is there a way to mount a subdirectory with the kernel client when the parent in cephfs is not readable?

Then I checked the data pool with rados, but I can list/get/.. every object in the data pool using the client.foo key. I saw in the docs of master http://docs.ceph.com/docs/master/cephfs/client-auth/ that you can add a tag cephfs, but if I add this I can't write anything to cephfs anymore, so I guess this is not yet supported in luminous.

--> Is there a way to limit the cephfs user to his data only (through cephfs) instead of being able to do everything on the pool, without needing a pool for every single cephfs client?

Thanks!!

Kenneth