On Thu, Feb 9, 2017 at 11:11 AM, Jim Kilborn <[email protected]> wrote: > Does cephfs have an option for root squash, like nfs mounts do? > I am trying to figure out how to allow my users to have sudo on their > workstation, but not have that root access to the ceph kernel mounted volume. > > Can’t seem to find anything. Using cephx for the mount, but can’t find a > “root squash” type option for mount > sudo still allows them to nuke the whole filesystem from the client.
The CephX security capabilities let you specify what uid/gid the client is allowed to operate as. Looks like http://docs.ceph.com/docs/master/cephfs/client-auth/ doesn't include that :/ but the syntax would just be "allow rw path=/foo uid=1 gids=1,2" That lets a specified client read and write data only within the "/foo" directory, and only while acting as user 1 with groups 1 and 2. -Greg _______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
