Hi,
In our environment, only administrator can create/delete volume,
subvolume, and subvolumegroup.
The end-users (cephfs clients) only can access(mount) their "shared
folders (sub-volume)".
I tried this configurations before:
caps: [mds] allow rw fsname=cephfs
path=/volumes/${subvolumegroup}/${subvolume}/${uuid}
caps: [mon] allow r
caps: [osd] allow rw tag cephfs data=cephfs
caps: [mgr] allow rw
however, a cephfs user could create {sub-}volumes via "ceph fs xxx" commands.
After more tests, I got I should remove this caps: [mgr] allow rw
Thanks for your reply
Yufan Chen
Bogdan Adrian Velica <vbogdan@xxxxxxxxx> 於 2024年8月27日 週二 下午9:35寫道:
>
> Hi Yufan,
>
> Could you please provide a bit more details please? In what way do you want to restrict your user (ceph client user correct?)
> How does your client look like (you can use "ceph auth get client.myuser" to get the details)
>
> Thank you,
> Bogdan V.
> croit.io
>
> On Tue, Aug 27, 2024 at 3:31 PM <wiz.chen@xxxxxxxxx> wrote:
>>
>> Hi All,
>>
>> How to restrict a user that cannot create volume, subvolumegroup, subvolume of cephfs.
>> This user just can access(mount) a subvolume only.
>>
>>
>> Thanks in advance
>>
>> Yufan Chen
>> _______________________________________________
>> ceph-users mailing list -- ceph-users@xxxxxxx
>> To unsubscribe send an email to ceph-users-leave@xxxxxxx
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
