On Wed, Mar 2, 2016 at 9:40 AM, Василий Ангапов <[email protected]> wrote: > Greg, > Can you give us some examples of that?
Just looking at the header source, one of the examples is 'allow command foo', 'allow command bar with arg1=val1 arg2 prefix val2' So you can do things like that. Substitute "auth create" or similar for "foo" and "bar". :) > > 2016-03-02 19:34 GMT+03:00 Gregory Farnum <[email protected]>: >> On Tue, Mar 1, 2016 at 7:37 PM, chris holcombe >> <[email protected]> wrote: >>> Hey Ceph Users! >>> >>> I'm wondering if it's possible to restrict the ceph keyring to only >>> being able to run certain commands. I think the answer to this is no >>> but I just wanted to ask. I haven't seen any documentation indicating >>> whether or not this is possible. Anyone know? >> >> It *is* possible to create keyrings with access to certain commands on >> the monitor. We make use of this with our bootstrap keyrings et al; >> you can look at them for examples and see the code in >> ceph/src/mon/MonCaps.* for how it works. >> -Greg >> _______________________________________________ >> ceph-users mailing list >> [email protected] >> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
