Hi Dillon,

Please check
http://docs.ceph.com/docs/firefly/rados/operations/auth-intro/#ceph-authorization-caps
http://docs.ceph.com/docs/jewel/rados/operations/user-management/

This might provide some information on permissions.

Thanks,
Daleep Singh Bais

On 09/28/2016 11:28 AM, 卢 迪 wrote:
> Hi Daleep,
>
> Thank you for your reply.
>
> I have read the document for a moment. Let me try to clarify this.
>
> In my case, I only assigned the mon 'allow r' permission to the account
> appuser. But I can still mount cephfs and see the directory created
> before (the folder name is "test").
>
> And I can create a folder under this folder too (the folder is "test2").
>
> However, when I created and edited a text file ("test.txt"), I got a
> read-only error. When I quit with "q!", I still see the file with 0 bytes.
>
> I'm wondering if I must have misunderstood something. I thought I shouldn't
> see this folder "test" because the user didn't have read/write
> permission on any pool in this cluster. I shouldn't be able to create
> "test.txt" in this folder either, because of permissions. (But I CREATED it,
> with nothing in it.)
>
> Take assigning permissions to an OS user (for example, on Linux). I have
> to give read permission if a user wants to read a file; if it has to
> execute a script, I have to grant the execute permission. I want to
> understand when and why I should assign which permission to a user to
> accomplish a specific task. Can I find this kind of document?
>
> Thanks,
>
> Dillon
>
> ------------------------------------------------------------------------
> *From:* Daleep Singh Bais <daleepb...@gmail.com>
> *Sent:* September 27, 2016 6:55:10
> *To:* 卢 迪; ceph-users@lists.ceph.com
> *Subject:* Re: [ceph-users] Ceph user manangerment question
>
> Hi Dillon,
>
> Ceph uses CephX authentication, which gives permission to users on
> selected Pools to read / write. We give mon 'allow r'
> to get cluster/Crush map for client.
>
> You can refer to the URL below for more information on CephX and creating
> user keyrings for access to selected / specific pools.
>
> http://docs.ceph.com/docs/jewel/rados/configuration/auth-config-ref/
>
> The URL below will give you information on the various permissions which
> can be applied while creating a CephX authentication key.
>
> http://docs.ceph.com/docs/firefly/rados/operations/auth-intro/
>
> Hope this will give some insight and a way forward.
>
> Thanks,
>
> Daleep Singh Bais
>
> On 09/27/2016 12:02 PM, 卢 迪 wrote:
>>
>> Hello all,
>>
>> I'm a newbie to Ceph. I read the document and created a ceph cluster
>> against VM. I have a question about how to apply user management to
>> the cluster. I'm not asking how to create or modify users or user
>> privileges. I have found this in the Ceph document.
>>
>> I want to know:
>>
>> 1. Is there a way to know the usage of all privileges? For example, I
>> created a user client.appuser with mon "allow r"; this user can
>> access Ceph. If I remove the mon "allow r", it will time
>> out. (In this case, I mount the cluster with cephfs.) If someone has
>> this information, could you please share it with me?
>>
>> 2. In what kind of situation would you create different users for a
>> cluster? Currently, I use the admin user to access the whole cluster,
>> such as to start the cluster, mount the file system, etc. It looks like the
>> appuser (which I created above) can mount the file system too. Is it possible
>> to create a user like an OS user or database user? So, one user
>> uploads some data, and the others can't see it or can only read it.
>>
>> ceph-users mailing list
>> ceph-users@lists.ceph.com
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
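An added example, not part of the thread and not Ceph code: a small audit of keyring-format text against the two points made in the replies (mon 'allow r' lets a client fetch the cluster map; read/write access is granted per pool through OSD caps). The entities, the pool name `appdata` and the finding codes are constructed, and the rules are this example's own least-privilege assumptions, not Ceph's enforcement logic.

```python
import re
# Constructed keyring text (format printed by `ceph auth get`); keys are placeholders.
SAMPLE_KEYRING = """
[client.appuser]
    key = PLACEHOLDER-NOT-A-REAL-KEY
    caps mon = "allow r"
[client.uploader]
    key = PLACEHOLDER-NOT-A-REAL-KEY
    caps mon = "allow r"
    caps osd = "allow rw pool=appdata"
[client.broad]
    key = PLACEHOLDER-NOT-A-REAL-KEY
    caps mon = "allow r"
    caps osd = "allow rw pool=appdata, allow rwx"
[client.nomon]
    key = PLACEHOLDER-NOT-A-REAL-KEY
    caps osd = "allow *"
"""

def parse_keyring(text):
    """Return {entity: {daemon: [grant, ...]}}; grants are comma-separated."""
    entities, current = {}, None
    for line in map(str.strip, text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        cap = re.fullmatch(r'caps\s+(\w+)\s*=\s*"(.*)"', line)
        if section:
            current = entities.setdefault(section.group(1), {})
        elif cap and current is not None:
            current[cap.group(1)] = [g.strip() for g in cap.group(2).split(",") if g.strip()]
    return entities

def audit(entities):
    """Return {entity: [finding codes]}; the rules are this example's assumptions."""
    report = {}
    for name, caps in entities.items():
        found = []
        if "mon" not in caps:
            found.append("NO_MON")        # cannot fetch the cluster/CRUSH map
        if "osd" not in caps:
            found.append("NO_OSD")        # no object read/write in any pool
        elif any("pool=" not in g for g in caps["osd"]):
            found.append("OSD_UNSCOPED")  # at least one grant is not tied to a pool
        if any("*" in g for grants in caps.values() for g in grants):
            found.append("WILDCARD")      # 'allow *' on some daemon type
        report[name] = found
    return report

if __name__ == "__main__":
    print(audit(parse_keyring(SAMPLE_KEYRING)))
```

The first constructed entry mirrors the `client.appuser` account described in the thread, with only a mon cap.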