Re: I have some problem to mount ceph file system
That's not an option any more, since malicious clients can fake it so easily. :(

On Wednesday, May 23, 2012 at 10:35 PM, FrankWOO Su wrote:
> So in this version, can I do some settings about mount command limited by IP? Any example?
> Thanks
> -Frank
>
> 2012/5/24 Sage Weil s...@inktank.com
> > On Wed, 23 May 2012, Gregory Farnum wrote:
> > > On Wed, May 23, 2012 at 1:51 AM, Frank frankwoo@gmail.com wrote:
> > > > Hello
> > > > I have a question about ceph.
> > > > When I mount ceph, I do the command as follows:
> > > >   # mount -t ceph -o name=admin,secret=XX 10.1.0.1:6789/ /mnt/ceph -vv
> > > > Now I create a user foo and make a secret key by ceph-authtool like that:
> > > >   # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key
> > > > Then I add the key into ceph:
> > > >   # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i /etc/ceph/keyring.bin
> > > > So I can mount ceph by foo:
> > > >   # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv
> > > > My question is: if I don't want foo that has permission to mount 10.1.0.1:6789/, HOW TO DO IT?
> > > > If there is a directory foo, I want he can mount 10.1.0.1:6789:/foo/ but have no access to mount 10.1.0.1:6789:/
> > >
> > > I'm afraid that's not an option with Ceph right now, that I'm aware of. It was built and designed for a trusted set of servers and clients, and while we're slowly carving out areas of security, this isn't one we've done yet.
> > > If it's an important feature for you, you should create a feature request in the tracker (tracker.newdream.net) for it, which we will prioritize and work on once we've moved to focus on the full filesystem. :)
> >
> > http://tracker.newdream.net/issues/1237
> >
> > (tho the final config will probably not look like that; suggestions welcome.)
> >
> > sage

--
To unsubscribe from this list: send the line unsubscribe ceph-devel in the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
I have some problem to mount ceph file system
Hello

I have a question about ceph.

When I mount ceph, I do the command as follows:

  # mount -t ceph -o name=admin,secret=XX 10.1.0.1:6789/ /mnt/ceph -vv

Now I create a user foo and make a secret key by ceph-authtool like that:

  # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key

Then I add the key into ceph:

  # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i /etc/ceph/keyring.bin

So I can mount ceph by foo:

  # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv

My question is: if I don't want foo that has permission to mount 10.1.0.1:6789/, HOW TO DO IT?

If there is a directory foo, I want he can mount 10.1.0.1:6789:/foo/ but have no access to mount 10.1.0.1:6789:/

Thanks,
Frank
Re: I have some problem to mount ceph file system
On Wed, May 23, 2012 at 1:51 AM, Frank frankwoo@gmail.com wrote:
> Hello
> I have a question about ceph.
> When I mount ceph, I do the command as follows:
>   # mount -t ceph -o name=admin,secret=XX 10.1.0.1:6789/ /mnt/ceph -vv
> Now I create a user foo and make a secret key by ceph-authtool like that:
>   # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key
> Then I add the key into ceph:
>   # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i /etc/ceph/keyring.bin
> So I can mount ceph by foo:
>   # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv
> My question is: if I don't want foo that has permission to mount 10.1.0.1:6789/, HOW TO DO IT?
> If there is a directory foo, I want he can mount 10.1.0.1:6789:/foo/ but have no access to mount 10.1.0.1:6789:/

I'm afraid that's not an option with Ceph right now, that I'm aware of. It was built and designed for a trusted set of servers and clients, and while we're slowly carving out areas of security, this isn't one we've done yet.

If it's an important feature for you, you should create a feature request in the tracker (tracker.newdream.net) for it, which we will prioritize and work on once we've moved to focus on the full filesystem. :)

-Greg
Re: I have some problem to mount ceph file system
On Wed, 23 May 2012, Gregory Farnum wrote:
> On Wed, May 23, 2012 at 1:51 AM, Frank frankwoo@gmail.com wrote:
> > Hello
> > I have a question about ceph.
> > When I mount ceph, I do the command as follows:
> >   # mount -t ceph -o name=admin,secret=XX 10.1.0.1:6789/ /mnt/ceph -vv
> > Now I create a user foo and make a secret key by ceph-authtool like that:
> >   # ceph-authtool /etc/ceph/keyring.bin -n client.foo --gen-key
> > Then I add the key into ceph:
> >   # ceph auth add client.foo osd 'allow *' mon 'allow *' mds 'allow' -i /etc/ceph/keyring.bin
> > So I can mount ceph by foo:
> >   # mount -t ceph -o name=foo,secret=XOXOXO 10.1.0.1:6789/ /mnt/ceph -vv
> > My question is: if I don't want foo that has permission to mount 10.1.0.1:6789/, HOW TO DO IT?
> > If there is a directory foo, I want he can mount 10.1.0.1:6789:/foo/ but have no access to mount 10.1.0.1:6789:/
>
> I'm afraid that's not an option with Ceph right now, that I'm aware of. It was built and designed for a trusted set of servers and clients, and while we're slowly carving out areas of security, this isn't one we've done yet.
> If it's an important feature for you, you should create a feature request in the tracker (tracker.newdream.net) for it, which we will prioritize and work on once we've moved to focus on the full filesystem. :)

http://tracker.newdream.net/issues/1237

(tho the final config will probably not look like that; suggestions welcome.)

sage