Hi Rok, Without cephx enabled, any ceph client having network access to the Ceph mon/osd/mds can connect to the cluster and do whatever they want. E.g. delete any objects or pools or anything.
The only way I can think that this is workable would be to restrict Ceph to an isolated network and re-export CephFS using NFS Ganesha or Samba. Cheers, Dan On Tue, Jan 7, 2025 at 8:03 AM Rok Jaklič <rjak...@gmail.com> wrote: > > Hi, > > is it possible somehow to restrict client in cephfs to subdirectory without > cephx enabled? > > We do not have any auth requirements enabled in ceph. > > auth cluster required = none > auth service required = none > auth client required = none > > Kind regards, > Rok > _______________________________________________ > ceph-users mailing list -- ceph-users@ceph.io > To unsubscribe send an email to ceph-users-le...@ceph.io -- Dan van der Ster CTO @ CLYSO Try our Ceph Analyzer -- https://analyzer.clyso.com/ https://clyso.com | dan.vanders...@clyso.com _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
