ok. thanks.

________________________________
From: Daleep Singh Bais <daleepb...@gmail.com>
Sent: September 28, 2016 8:14:53
To: 卢 迪; ceph-users@lists.ceph.com
Subject: Re: Reply: [ceph-users] Ceph user management question

Hi Dillon,

Please check 
http://docs.ceph.com/docs/firefly/rados/operations/auth-intro/#ceph-authorization-caps

http://docs.ceph.com/docs/jewel/rados/operations/user-management/

This might provide some information on permissions.

Thanks,
Daleep Singh Bais

On 09/28/2016 11:28 AM, 卢 迪 wrote:

Hi Daleep,



Thank you for the reply.

I have read the document for a moment. Let me try to clarify this.



In my case, I only assign the "mon 'allow r'" permission to the account appuser. But I 
can still mount cephfs and see the directory created before (the folder name is 
"test").


And, I can create a folder under this folder too. (the folder is “test2”)

However, when I created and edited a text file ("test.txt"), I got a read-only 
error. When I quit with "q!", I still see the file with 0 bytes.


I'm wondering if I must be misunderstanding something. I thought I shouldn't see this 
folder "test" because the user didn't have the read/write permission against 
any pool in this cluster. I shouldn't be able to create "test.txt" in this folder either 
because of permissions. (But I CREATED it with nothing.)



Let's say I am assigning permissions to an OS user (for example, Linux). I have to give 
read permission if a user wants to read a file; if it has to execute a script, I 
have to grant the execute permission. I want to understand when and why I 
should assign which permission to a user for a particular task. Can I find 
this kind of document?



Thanks,

Dillon

________________________________
From: Daleep Singh Bais <daleepb...@gmail.com>
Sent: September 27, 2016 6:55:10
To: 卢 迪; ceph-users@lists.ceph.com
Subject: Re: [ceph-users] Ceph user management question

Hi Dillon,

Ceph uses CephX authentication, which gives permission to users on selected 
pools to read / write. We give mon 'allow r' to get the cluster/CRUSH map for 
the client.

You can refer to below URL for more information on CephX and creating user 
keyrings for access to selected / specific pools.

http://docs.ceph.com/docs/jewel/rados/configuration/auth-config-ref/

The below URL will give you information on various permissions which can be 
applied while creating a CephX authentication key.

http://docs.ceph.com/docs/firefly/rados/operations/auth-intro/

Hope this will give some insight and way forward to proceed.

Thanks,

Daleep Singh Bais

On 09/27/2016 12:02 PM, 卢 迪 wrote:

Hello all,


I'm a newbie to Ceph. I read the documentation and created a Ceph cluster on 
VMs. I have a question about how to apply user management to the cluster. I'm 
not asking how to create or modify users or user privileges. I have found this 
in the Ceph documentation.


I want to know:


1. Is there a way to know the usage of all privileges? For example, I created 
a user client.appuser with mon "allow r", and this user can access Ceph; if I 
removed the mon "allow r", it would time out. (In this case, I mount the 
cluster with cephfs.) If someone has this information, could you please share it 
with me?


2. In what kind of situation would you create different users for a cluster? 
Currently, I use the admin user to access the whole cluster, such as starting the cluster, 
mounting the file system, etc. It looks like the appuser (I created above) can 
mount the file system too. Is it possible to create a user like an OS user or 
database user? So, one user uploads some data, and the others can't see it or can 
only read it.


ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
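
The thread's point that CephX caps are granted per daemon type and per pool can be checked mechanically. The following is an added example, not code from the thread or from the Ceph project: it reads caps in the layout printed by `ceph auth list` and reports, per user, which pools the OSD caps cover. It handles only grants of the form `allow <perms> [pool=<name>]`; the sample text, the `client.uploader` user, the `appdata` pool and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `ceph auth list`; keys are placeholders.
SAMPLE = """\
client.admin
\tkey: PLACEHOLDER
\tcaps: [mon] allow *
\tcaps: [osd] allow *
client.appuser
\tkey: PLACEHOLDER
\tcaps: [mon] allow r
client.uploader
\tkey: PLACEHOLDER
\tcaps: [mon] allow r
\tcaps: [osd] allow rw pool=appdata
"""

CAP_LINE = re.compile(r"^\s+caps:\s+\[(\w+)\]\s+(.*)$")

def parse_auth_list(text):
    """Return {entity: {daemon_type: cap_string}}; key lines are ignored."""
    entities, current = {}, None
    for line in text.splitlines():
        m = CAP_LINE.match(line)
        if m and current is not None:
            entities[current][m.group(1)] = m.group(2).strip()
        elif line and not line[0].isspace():
            current = line.strip()          # unindented line starts a new entity
            entities[current] = {}
    return entities

def osd_access(caps):
    """Map pool name ('*' when the grant names no pool) to its access string."""
    access = {}
    for grant in caps.get("osd", "").split(","):
        tokens = grant.split()
        if len(tokens) < 2 or tokens[0] != "allow":
            continue
        pool = next((t[5:] for t in tokens[2:] if t.startswith("pool=")), "*")
        access[pool] = tokens[1]
    return access

def audit(entities):
    """Label each entity: no OSD grant, OSD grant on every pool, or pool-scoped."""
    findings = {}
    for name, caps in entities.items():
        access = osd_access(caps)
        findings[name] = (["no-osd-caps"] if not access
                          else ["osd-all-pools"] if "*" in access else [])
    return findings
```

Calling `audit(parse_auth_list(SAMPLE))` labels each user in the constructed sample; an empty list means every OSD grant names a pool.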
