On Monday, April 21, 2014, Loic Dachary <[email protected]> wrote:

> Hi,
>
> I would like to allow users to create, use and delete RBD volumes, up to X
> GB, from a single pool. The user is a Debian GNU/Linux box using krbd. The
> sysadmin of the box is not trusted to have unlimited access to the Ceph
> cluster but (s)he is not malicious either. Permissions and quota are
> safeguards to prevent mistakes.
>
> While it seems possible to grant access to a single pool to a given cephx
> client with
>
>     ceph-authtool -n client.foo --cap osd 'allow rwx pool=customer-pool'
>
> and the cap parser suggests even more flexibility
>
> https://github.com/ceph/ceph/blob/master/src/mon/MonCap.cc#L329
>
> the documentation states that it should not be done
>
> http://ceph.com/docs/master/rados/operations/auth-intro/#cephx-limitations
>
> Suggestions about how to approach this use case are most welcome :-)
>
> Cheers
> --
> Loïc Dachary, Artisan Logiciel Libre

That looks fine to me. The documentation is just pointing out that cephx keys are per-host, not per-user.
-Greg
-- Software Engineer #42 @ http://inktank.com | http://ceph.com
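A way to audit the single-pool restriction discussed in this thread, as an added example that is not part of the original messages and is not Ceph code: it reads osd cap strings and reports every grant that is not scoped to the intended pool. The cap grammar is a simplified assumption (comma-separated `allow <perms> [pool=<name>]` grants), and every client name other than `client.foo` is constructed sample data.

```python
import re

# Simplified reading of an osd cap string, assumed for this audit only:
# comma-separated grants of the form "allow <perms> [pool=<name>]".
# It is not Ceph's own cap parser.
GRANT_RE = re.compile(
    r"^allow\s+(?P<perms>\*|[rwx]+|class-read|class-write)(?=\s|$)(?P<rest>.*)$"
)
POOL_RE = re.compile(r"\bpool[=\s]\s*(?P<pool>[\w.-]+)")


def parse_osd_caps(caps):
    """Return [(perms, pool_or_None), ...] for each grant in a cap string."""
    grants = []
    for raw in caps.split(","):
        grant = raw.strip()
        m = GRANT_RE.match(grant)
        if not m:
            # Fail closed: an unparsed grant must not be silently accepted.
            raise ValueError("unrecognised grant: %r" % grant)
        pool = POOL_RE.search(m.group("rest"))
        grants.append((m.group("perms"), pool.group("pool") if pool else None))
    return grants


def audit(clients, allowed_pool):
    """Map client name -> grants that reach outside allowed_pool."""
    findings = {}
    for name, caps in clients.items():
        outside = [g for g in parse_osd_caps(caps) if g[1] != allowed_pool]
        if outside:
            findings[name] = outside
    return findings


# Constructed sample: client.foo uses the cap string from the thread,
# the other entries are invented to show what the audit flags.
SAMPLE = {
    "client.foo": "allow rwx pool=customer-pool",
    "client.bar": "allow rwx",
    "client.baz": "allow r pool=other-pool, allow rwx pool=customer-pool",
    "client.qux": "allow *",
}

if __name__ == "__main__":
    for client, grants in sorted(audit(SAMPLE, "customer-pool").items()):
        print(client, grants)
```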
