On Tue, Oct 25, 2022 at 3:36 AM Xiubo Li <xiubli@xxxxxxxxxx> wrote: > Currently cephx permission has already supported the 's' permission, > which means you can do the snapshot create/remove. And for a privileged > or specific mounts you can give them the 's' permission and then only > they can do the snapshot create/remove. And all the others won't. But that's a client permission, not a user permission. I repeat: the problem is that snapshots should only be accessible/discoverable/creatable by certain users (UIDs/GIDs) on the client machine, independent of their permission on the parent directory. My patch decouples parent directory permissions from snapdir permissions, and it's a simple and elegant solution to my problem. > And then use the container or something else to make the specific users > could access to them. Sorry, I don't get it at all. What is "the container or something" and how does it enable me to prevent specific users from accessing snapdirs in their home directories?
