Hi Rok, Without cephx enabled, any ceph client having network access to the Ceph mon/osd/mds can connect to the cluster and do whatever they want. E.g. delete any objects or pools or anything.
The only way I can think that this is workable would be to restrict Ceph to an isolated network and re-export CephFS using NFS Ganesha or Samba. Cheers, Dan On Tue, Jan 7, 2025 at 8:03 AM Rok Jaklič <[email protected]> wrote: > > Hi, > > is it possible somehow to restrict client in cephfs to subdirectory without > cephx enabled? > > We do not have any auth requirements enabled in ceph. > > auth cluster required = none > auth service required = none > auth client required = none > > Kind regards, > Rok > _______________________________________________ > ceph-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] -- Dan van der Ster CTO @ CLYSO Try our Ceph Analyzer -- https://analyzer.clyso.com/ https://clyso.com | [email protected] _______________________________________________ ceph-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
