Project

General

Profile

Actions
Copy link

Feature #15070

closed

mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID

Added by John Spray about 8 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
Rishabh Dave
Category:
-
Target version:
Ceph - v16.0.0
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:
32581

Description

Currently clients with 'mds allow r' capabilities can see any MDSMap.

We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)

I think something like "mds r fscid=<fscid>" would make sense.

Related issues 3 (1 open2 closed)

Related to CephFS - Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCIDNew03/11/2016

Actions
Related to CephFS - Feature #47264: "fs authorize" subcommand should work for multiple FSs tooResolvedRishabh Dave

Actions
Blocks CephFS - Feature #22477: multifs: remove multifs experimental warningsResolvedPatrick Donnelly

Actions
Actions
Copy link

Also available in: Atom PDF