On Mon, Oct 23, 2017 at 5:03 PM Keane Wolter <wolt...@umich.edu> wrote:
> Hi Gregory, > > I did set the cephx caps for the client to: > > caps: [mds] allow r, allow rw uid=100026 path=/user, allow rw path=/project > So you’ve got three different permission granting clauses here: 1) allows the client to read anything 2) allows the client to act as uid 100026 in the path /user 3) allows the user to do any read or write (as any user) in path /project caps: [mon] allow r > caps: [osd] allow rw pool=cephfs_osiris, allow rw pool=cephfs_users > > Keane > > On Fri, Oct 20, 2017 at 5:35 PM, Gregory Farnum <gfar...@redhat.com> > wrote: > >> What did you actually set the cephx caps to for that client? >> >> On Fri, Oct 20, 2017 at 8:01 AM Keane Wolter <wolt...@umich.edu> wrote: >> >>> Hello all, >>> >>> I am trying to limit what uid/gid a client is allowed to run as (similar >>> to NFS' root squashing). I have referenced this email, >>> http://lists.ceph.com/pipermail/ceph-users-ceph.com/2017-February/016173.html, >>> with no success. After generating the keyring, moving it to a client >>> machine, and mounting the filesystem with ceph-fuse, I am still able to >>> create files with the UID and GID of root. >>> >>> Is there something I am missing or can do to prevent root from working >>> with a ceph-fuse mounted filesystem? >>> >>> Thanks, >>> Keane >>> wolt...@umich.edu >>> _______________________________________________ >>> ceph-users mailing list >>> ceph-users@lists.ceph.com >>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >>> >> >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
