Hello. The documentation which I found proposes to create the ceph client for a rados gateway with very global capabilities, namely "mon allow rwx, osd allow rwx".
Are there any reasons for these very global capabilities (allowing this client to access and modify (even remove) all pools, all rbds, etc., event thiose in use vy other ceph clients? I tried to restrict the rights, and my rados gateway seems to work with capabilities "mon allow r, osd allow rwx pool=.rgw.root, allow rwx pool=a.root, allow rwx pool=am.rgw.control [etc. for all the pools which this gateway uses]" Are there any reasons not to restrict the capabilities in this way? Thank you. -- Diedrich Ehlerding, Fujitsu Technology Solutions GmbH, MIS ITST CE PS&IS WST, Hildesheimer Str 25, D-30880 Laatzen Fon +49 511 8489-1806, Fax -251806, Mobil +49 173 2464758 Firmenangaben: http://de.ts.fujitsu.com/imprint.html _______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
