Documentation #11750
closedCan't create image with format 2 with non-admin user
0%
Description
Hi,
we are trying to create an image in a pool as a non-admin user with --image-format 2:
$ rbd -p POOL --keyring ceph.client.XXX.keyring --id XXX create --image-format 2 --size 32 test-disk1 2015-05-24 14:04:14.057451 7f4286989840 -1 librbd: error setting image id: (1) Operation not permitted rbd: create error: (1) Operation not permitted
Using --image-format 1 works as expected.
Using the admin user/key works with --image-format 2
The user's caps are:
client.XXX
key: XXXXXXXXXXXXXXXXXXXXXXXX
caps: [mon] allow r
caps: [osd] allow rw pool=POOL
All other operations with the user, including creating an image with format 1, are working.
Version:
ceph version 0.94.1 (e4bfad3a3c51054df7e537a724c8d0bf9be972ff)
Thanks for looking into this!
Paul
Updated by Jason Dillaman almost 9 years ago
- Status changed from New to Need More Info
RBD format 2 images require the execute capability on the OSD. Can you please retest and update the ticket with the results? Thanks.
Updated by Paul Emmerich almost 9 years ago
Thanks, that fixed it.
I'd suggest to update the "User Management" documentation at http://ceph.com/docs/master/rados/operations/user-management/ with this information.
It currently says
A typical user has at least read capabilities on the Ceph monitor and read and write capability on Ceph OSDs.
and gives this as an example:
ceph auth add client.john mon 'allow r' osd 'allow rw pool=liverpool'
It should probably explain the effects of execute permissions.
Updated by Jason Dillaman almost 9 years ago
- Tracker changed from Bug to Documentation
Updated by Jason Dillaman almost 9 years ago
- Tracker changed from Documentation to Cleanup
Updated by Jason Dillaman almost 9 years ago
- Tracker changed from Cleanup to Bug
- Status changed from Need More Info to New
- Regression set to No
Updated by Jason Dillaman almost 9 years ago
- Tracker changed from Bug to Documentation
Updated by Jason Dillaman over 6 years ago
- Status changed from New to Resolved
Luminous documentation includes details for using the new "profile rbd" caps