Thanks John, that works! Also works with multiple commands, e.g I granted my user access to both `ceph fs status` and `ceph status`:
mgr 'allow command "fs status", allow command "status"' ________________________________ From: John Spray <[email protected]> Sent: Tuesday, 31 July 2018 8:12:00 PM To: Linh Vu Cc: [email protected] Subject: Re: [ceph-users] Mgr cephx caps to run `ceph fs status`? On Tue, Jul 31, 2018 at 3:36 AM Linh Vu <[email protected]> wrote: > > Hi all, > > > I want a non-admin client to be able to run `ceph fs status`, either via the > ceph CLI or a python script. Adding `mgr "allow *"` to this client's cephx > caps works, but I'd like to be more specific if possible. I can't find the > complete list of mgr cephx caps anywhere, so if you could point me in the > right direction, that'd be great! Both mgr and mon caps have an "allow command" syntax that lets you restrict users to specific named commands (and even specific arguments). Internally, the mgr and the mon use the same code to intepret capabilities. I just went looking for the documentation for those mon caps and it appears not to exist! Anyway, in your case it's something like this: mgr "allow command \"fs status\"" I don't think I've ever tested this on a mgr daemon, so let us know how you get on. John > > Cheers, > > Linh > > _______________________________________________ > ceph-users mailing list > [email protected] > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com<http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com>
_______________________________________________ ceph-users mailing list [email protected] http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
