Ceph » CephFS

As discussed on the #ceph IRC channel with gregaf and others, I would find some added level of client security in CephFS to be very useful.

I would like to be able to grant a given client key access to only a subtree (or subtrees) of the entire CephFS tree. I guess some pseudo-caps would look something like:

mon = "allow r" 
osd = "allow rw pool=guest01-data, allow r pool=common-data" 
mds = "allow rw tree=/guests/guest01, allow r tree=/guests/common" 

I think that, in order for these protections to be complete, you'd have to also have separate pools for each of these subtrees, otherwise I think someone could still enumerate all the objects in the default 'data' pool, and extract or manipulate other data. But, if it's possible to avoid that somehow, that would help make this easier to maintain with a large number of guests. Perhaps enforcing object prefixes for each of these trees would avoid the need for zillions of pools, and still allow restrictions at the OSD layer?