Re: Creating a block device user with restricted access to image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I replied to your thread a couple of days ago, maybe you didn't notice:

Restricting user access is possible on rbd image level. You can grant read/write access for one client and only read access for other clients, you have to create different clients for that, see [1] for more details.

Regards,
Eugen

[1] http://lists.ceph.com/pipermail/ceph-users-ceph.com/2018-February/024424.html



Zitat von cmonty14 <74cmonty@xxxxxxxxx>:

Hi,
I can create a block device user with this command:

ceph auth get-or-create client.{ID} mon 'profile rbd' osd 'profile
{profile name} [pool={pool-name}][, profile ...]'

Question:
How can I create a user that has access only to a specific image
created in pool <poolname>?

If this is not possible this would mean that any user with pool access
can map any image created in this pool.
In my opinion this is a security concern.

THX
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux