Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-13 Thread John Nielsen
On Jun 13, 2013, at 4:03 PM, Yehuda Sadeh wrote: > On Thu, Jun 13, 2013 at 3:01 PM, John Nielsen wrote: >> On Jun 12, 2013, at 8:15 PM, Yehuda Sadeh wrote: >> >>> On Wed, Jun 12, 2013 at 2:43 PM, John Nielsen wrote: With: caps osd = "allow x, allow pool .pubintent-log rw

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-13 Thread Yehuda Sadeh
On Thu, Jun 13, 2013 at 3:01 PM, John Nielsen wrote: > On Jun 12, 2013, at 8:15 PM, Yehuda Sadeh wrote: > >> On Wed, Jun 12, 2013 at 2:43 PM, John Nielsen wrote: >>> On Jun 12, 2013, at 2:51 PM, Yehuda Sadeh wrote: >>> On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen wrote: > On Jun 12,

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-13 Thread John Nielsen
On Jun 12, 2013, at 8:15 PM, Yehuda Sadeh wrote: > On Wed, Jun 12, 2013 at 2:43 PM, John Nielsen wrote: >> On Jun 12, 2013, at 2:51 PM, Yehuda Sadeh wrote: >> >>> On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen wrote: On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh wrote: > On Wed, Ju

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread Yehuda Sadeh
On Wed, Jun 12, 2013 at 2:43 PM, John Nielsen wrote: > On Jun 12, 2013, at 2:51 PM, Yehuda Sadeh wrote: > >> On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen wrote: >>> On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh wrote: >>> On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen wrote: > After upda

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread John Nielsen
On Jun 12, 2013, at 2:51 PM, Yehuda Sadeh wrote: > On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen wrote: >> On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh wrote: >> >>> On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen wrote: After updating to Cuttlefish I was able to set up two rados gateways us

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread Yehuda Sadeh
On Wed, Jun 12, 2013 at 1:48 PM, John Nielsen wrote: > On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh wrote: > >> On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen wrote: >>> After updating to Cuttlefish I was able to set up two rados gateways using >>> distinct pools and users. (Thanks Yehuda!) Now I'

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread John Nielsen
On Jun 12, 2013, at 2:02 PM, Yehuda Sadeh wrote: > On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen wrote: >> After updating to Cuttlefish I was able to set up two rados gateways using >> distinct pools and users. (Thanks Yehuda!) Now I'd like to make it so the >> user for each gateway can only

[ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread John Nielsen
After updating to Cuttlefish I was able to set up two rados gateways using distinct pools and users. (Thanks Yehuda!) Now I'd like to make it so the user for each gateway can only access its own pools and nothing else. The reasons include security and preventing foot-shooting. Instead of simply

Re: [ceph-users] minimal ceph permissions for rados gateway

2013-06-12 Thread Yehuda Sadeh
On Wed, Jun 12, 2013 at 12:59 PM, John Nielsen wrote: > After updating to Cuttlefish I was able to set up two rados gateways using > distinct pools and users. (Thanks Yehuda!) Now I'd like to make it so the > user for each gateway can only access its own pools and nothing else. The > reasons in