Re: [ceph-users] UID Restrictions

2017-11-02 Thread Keane Wolter
Awesome! Thanks much again. Keane On Thu, Nov 2, 2017 at 5:23 PM, Douglas Fuller wrote: > Hi Keane, > > No problem. A fix for the gids bug should go in shortly. See: > https://github.com/ceph/ceph/pull/18689 > > Cheers, > --Doug > > On Thu, Nov 2, 2017 at 4:24 PM Keane

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Douglas Fuller
Hi Keane, No problem. A fix for the gids bug should go in shortly. See: https://github.com/ceph/ceph/pull/18689 Cheers, --Doug On Thu, Nov 2, 2017 at 4:24 PM Keane Wolter wrote: > Here we go. removing the trailing slash and adding the gids parameter in > auth caps works. >

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Keane Wolter
Here we go. removing the trailing slash and adding the gids parameter in auth caps works. [kwolter@um-test03 ~]$ sudo ceph auth get-or-create-key client.kwolter_test1 mon 'allow r' mds 'allow r, allow rw path=/user uid=100026 gids=100026' osd 'allow rw pool=cephfs_osiris, allow rw

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Douglas Fuller
Looks like there may be a bug here. Please try: * Removing the trailing slash from path= (needs documentation or fixing) * Adding your gid to a “gids” parameter in the auth caps? (bug: we’re checking the gid when none is supplied) mds “allow r, allow rw path=/user uid=100026 gids=100026”

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Keane Wolter
Hi Doug, Here is the output: [kwolter@um-test03 ~]$ sudo ceph auth get client.kwolter_test1 exported keyring for client.kwolter_test1 [client.kwolter_test1] key = caps mds = "allow r, allow rw path=/user/ uid=100026" caps mon = "allow r" caps osd = "allow rw

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Douglas Fuller
Hi Keane, Could you include the output of ceph auth get client.kwolter_test1 Also, please take a look at your MDS log and see if you see an error from the file access attempt there. Thanks, —Doug > On Nov 2, 2017, at 2:24 PM, Keane Wolter wrote: > > Hi Doug, > > Here is

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Keane Wolter
Hi Doug, Here is my current mds line I have for my user: caps: [mds] allow r, allow rw path=/user/ uid=100026. My results are as follows when I mount: sudo ceph-fuse --id=kwolter_test1 -k ./ceph.client.kwolter_test1.keyring -r /user/kwolter --client-die-on-failed-remount=false ceph

Re: [ceph-users] UID Restrictions

2017-11-02 Thread Douglas Fuller
Hi Keane, path= has to come before uid= mds “allow r, allow rw path=/user uid=100026, allow rw path=/project" If that doesn’t work, could you send along a transcript of your shell session in setting up the ceph user, mounting the file system, and attempting access? Thanks, —Doug > On Nov 1,

Re: [ceph-users] UID Restrictions

2017-11-01 Thread Keane Wolter
I have ownership of the directory /user/kwolter on the cephFS server and I am mounting to ~/ceph, which I also own. On Wed, Nov 1, 2017 at 2:04 PM, Gregory Farnum wrote: > Which directory do you have ownership of? Keep in mind your local > filesystem permissions do not get

Re: [ceph-users] UID Restrictions

2017-11-01 Thread Gregory Farnum
Which directory do you have ownership of? Keep in mind your local filesystem permissions do not get applied to the remote CephFS mount... On Wed, Nov 1, 2017 at 11:03 AM Keane Wolter wrote: > I am mounting a directory under /user which I am the owner of with the > permissions

Re: [ceph-users] UID Restrictions

2017-11-01 Thread Keane Wolter
I am mounting a directory under /user which I am the owner of with the permissions of 700. If I remove the uid=100026 option, I have no issues. I start having issues as soon as the uid restrictions are in place. On Wed, Nov 1, 2017 at 1:05 PM, Gregory Farnum wrote: > Well,

Re: [ceph-users] UID Restrictions

2017-11-01 Thread Gregory Farnum
Well, obviously UID 100026 needs to have the normal POSIX permissions to write to the /user path, which it probably won't until after you've done something as root to make it so... On Wed, Nov 1, 2017 at 9:57 AM Keane Wolter wrote: > Acting as UID 100026, I am able to

Re: [ceph-users] UID Restrictions

2017-11-01 Thread Keane Wolter
Acting as UID 100026, I am able to successfully run ceph-fuse and mount the filesystem. However, as soon as I try to write a file as UID 100026, I get permission denied, but I am able to write to disk as root without issue. I am looking for the inverse of this. I want to write changes to disk as

Re: [ceph-users] UID Restrictions

2017-10-25 Thread Gregory Farnum
On Mon, Oct 23, 2017 at 5:03 PM Keane Wolter wrote: > Hi Gregory, > > I did set the cephx caps for the client to: > > caps: [mds] allow r, allow rw uid=100026 path=/user, allow rw path=/project > So you’ve got three different permission granting clauses here: 1) allows the

Re: [ceph-users] UID Restrictions

2017-10-23 Thread Keane Wolter
Hi Gregory, I did set the cephx caps for the client to: caps: [mds] allow r, allow rw uid=100026 path=/user, allow rw path=/project caps: [mon] allow r caps: [osd] allow rw pool=cephfs_osiris, allow rw pool=cephfs_users Keane On Fri, Oct 20, 2017 at 5:35 PM, Gregory Farnum

Re: [ceph-users] UID Restrictions

2017-10-20 Thread Gregory Farnum
What did you actually set the cephx caps to for that client? On Fri, Oct 20, 2017 at 8:01 AM Keane Wolter wrote: > Hello all, > > I am trying to limit what uid/gid a client is allowed to run as (similar > to NFS' root squashing). I have referenced this email, >

[ceph-users] UID Restrictions

2017-10-20 Thread Keane Wolter
Hello all, I am trying to limit what uid/gid a client is allowed to run as (similar to NFS' root squashing). I have referenced this email, http://lists.ceph.com/pipermail/ceph-users-ceph.com/2017-February/016173.html, with no success. After generating the keyring, moving it to a client machine,