Re: cephfs client permission restrictions?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 23, 2022 at 8:18 AM Wyll Ingersoll
<wyllys.ingersoll@xxxxxxxxxxxxxx> wrote:
>
> Is it possible to craft a cephfs client authorization key that will allow the client read/write access to a path within the FS, but NOT allow the client to modify the permissions of that path?
> For example, allow RW access to /cephfs/foo (path=/foo) but prevent the client from modifying permissions on /foo.

Cephx won't do this on its own.— it enforces subtree-based access and
can restrict clients to acting as a specific (set of) uid/gids, but it
doesn't add extra stuff on top of that. (Modifying permissions is, you
know, a write.)

This is part of the standard Linux security model though, right? So
you can make somebody else the owner and give your restricted user
access via a group.
-Greg

>
> thanks,
>   Wyllys Ingersoll
>
> _______________________________________________
> ceph-users mailing list -- ceph-users@xxxxxxx
> To unsubscribe send an email to ceph-users-leave@xxxxxxx
>

_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux