For controlling whether a client is allowed to create or delete
snapshots
Fixes: http://tracker.ceph.com/issues/24284
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Define the string 'all' to be a synonym for the wildcard '*'. This
avoids confusion in the event that some auth caps (typically with
ceph fs authorize) are not quoted and thus '*' is expanded by the shell.
Signed-off-by: Douglas Fuller <dfuller@redhat.com>
Change 'ceph fs authorize' to grant osd auth caps by pool tag
instead of to current data pools. This makes:
ceph fs authorize cephfs_a client.foo /bar rw
now equivalent to:
ceph auth get-or-create client.foo mon 'allow r' mds 'allow rw path=/bar' osd 'allow rw tag cephfs data=cephfs_a'
Signed-off-by: Douglas Fuller <dfuller@redhat.com>
As described in http://tracker.ceph.com/issues/17937, a client with
restricted pool access can still delete files unless a corresponding
MDS path restriction is also in place.
Signed-off-by: David Disseldorp <ddiss@suse.de>
When user is mounted a quota-restricted inode
as the root, report that inode's quota status
as the filesystem statistics in statfs.
This allows us to have a fairly convincing illusion
that someone has a filesystem to themselves, when
they're really mounting a restricted part of
the larger global filesystem.
Fixes: http://tracker.ceph.com/issues/15599
Signed-off-by: John Spray <john.spray@redhat.com>