Re: [ceph-users] CEPH FS - all_squash option equivalent

Wed, 02 Mar 2016 23:23:22 -0800 

Thanks for your reply.

Server :
[root@ceph-1 ~]# rpm -qa | grep ceph
ceph-mon-0.94.1-13.el7cp.x86_64
ceph-radosgw-0.94.1-13.el7cp.x86_64
ceph-0.94.1-13.el7cp.x86_64
ceph-osd-0.94.1-13.el7cp.x86_64
ceph-deploy-1.5.25-1.el7cp.noarch
ceph-common-0.94.1-13.el7cp.x86_64
[root@ceph-1 ~]# uname -a
Linux ceph-1.qa.lab.tlv.redhat.com 3.10.0-327.el7.x86_64 #1 SMP Thu Oct 29
17:29:29 EDT 2015 x86_64 x86_64 x86_64 GNU/Linux

Client:
[root@RHEL7 ~]# rpm -qa | grep ceph
ceph-fuse-0.94.6-0.el7.x86_64
python-cephfs-0.94.6-0.el7.x86_64
libcephfs1-0.94.6-0.el7.x86_64
ceph-common-0.94.6-0.el7.x86_64
ceph-0.94.6-0.el7.x86_64

[root@RHEL7 ~]# uname -a
Linux RHEL7.1Server 3.10.0-229.26.1.el7.x86_64 #1 SMP Fri Dec 11 16:53:27
EST 2015 x86_64 x86_64 x86_64 GNU/Linux


[root@RHEL7 ~]# su - sanlock -s /bin/bash
Last login: Wed Mar  2 14:06:34 IST 2016 on pts/0
-bash-4.2$ whoami
sanlock
-bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
touch: cannot touch ‘/rhev/data-center/mnt/ceph-1.qa.lab:6789:_1111/test’:
Permission denied


[root@RHEL7 ~]# su - vdsm -s /bin/bash
Last login: Wed Mar  2 12:19:11 IST 2016 on pts/1
-bash-4.2$ touch /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
-bash-4.2$ rm /rhev/data-center/mnt/ceph-1.qa.lab\:6789\:_1111/test
-bash-4.2$

Permissions of directory :
ll
total 0
drwxr-xr-x 1 vdsm kvm 0 Mar  2 14:08 1111



On Wed, Mar 2, 2016 at 6:25 PM, Gregory Farnum <gfar...@redhat.com> wrote:

> On Wed, Mar 2, 2016 at 4:21 AM, Fred Rolland <froll...@redhat.com> wrote:
> > Hi,
> >
> > I am trying to use CEPH FS in oVirt (RHEV).
> > The mount is created OK, however, the hypervisor need access to the mount
> > from different users (eg: vdsm, sanlock)
> > It seems that Sanlock user is having permissions issues.
> >
> > When using NFS, configuring the export as all_squash and defining
> > anonuid/anongid will solve this problem [1].
> >
> > Is there a possibility to configure in Ceph FS an equivalent to NFS
> > all_squash/anonuid/anongid ?
>
> What version of Ceph are you running? Newer versions have added a
> security model and include *some* UID squashing features, but prior to
> Infernalis, CephFS didn't do any security checking at all (it was all
> client-side in the standard VFS).
> -Greg
>

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Reply via email to