|
Thanks John, that works! Also works with multiple commands, e.g I granted my user access to both `ceph fs status` and `ceph status`:
mgr 'allow command "fs status", allow command "status"' From: John Spray <jspray@xxxxxxxxxx>
Sent: Tuesday, 31 July 2018 8:12:00 PM To: Linh Vu Cc: ceph-users@xxxxxxxxxxxxxx Subject: Re: Mgr cephx caps to run `ceph fs status`? On Tue, Jul 31, 2018 at 3:36 AM Linh Vu <vul@xxxxxxxxxxxxxx> wrote:
> > Hi all, > > > I want a non-admin client to be able to run `ceph fs status`, either via the ceph CLI or a python script. Adding `mgr "allow *"` to this client's cephx caps works, but I'd like to be more specific if possible. I can't find the complete list of mgr cephx caps anywhere, so if you could point me in the right direction, that'd be great! Both mgr and mon caps have an "allow command" syntax that lets you restrict users to specific named commands (and even specific arguments). Internally, the mgr and the mon use the same code to intepret capabilities. I just went looking for the documentation for those mon caps and it appears not to exist! Anyway, in your case it's something like this: mgr "allow command \"fs status\"" I don't think I've ever tested this on a mgr daemon, so let us know how you get on. John > > Cheers, > > Linh > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com |
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
