RepoMirrors
/
ceph
mirror of https://github.com/ceph/ceph
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph/doc/cephfs/path-based restriction.rst

32 lines
1.3 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

================================
Restrict Access to a Directory
================================
CephFS mostly assumes a controlled environment where clients are not restricted
in what paths they are allowed to mount. And if they do mount a subdirectory,
e.g., /home/user, the MDS does not currently verify that subsequent operations
are locked within that directory. Path-based restriction allows us to restrict
a client to a particular directory in the file system.
Syntax
======
To grant rw access to the specified directory only, we mention the specified
directory while creating key for a client following the undermentioned syntax. ::
./ceph auth get-or-create client.*client_name* mon 'allow r' mds 'allow r, allow rw path=/*specified_directory*' osd 'allow rwx'
for example, to restrict client ``foo`` to ``bar`` directory, we will use. ::
./ceph auth get-or-create client.foo mon 'allow r' mds 'allow r, allow rw path=/bar' osd 'allow rwx'
To restrict a client to the specfied sub-directory only, we mention the specified
directory while mounting following the undermentioned syntax. ::
./ceph-fuse -n client.*client_name* *mount_path* -r *directory_to_be_mounted*
for example, to restrict client ``foo`` to ``mnt/bar`` directory, we will use. ::
./ceph-fuse -n client.foo mnt -r /bar
Reference in New Issue View Git Blame Copy Permalink