Project

General

Profile

Actions
Copy link

Feature #59388

open

mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gids

Added by Rishabh Dave about 1 year ago. Updated 10 months ago.

Status:
Pending Backport
Priority:
High
Assignee:
Rishabh Dave
Category:
Correctness/Safety
Target version:
Ceph - v19.0.0
% Done:

0%

Source:
Tags:
backport_processed
Backport:
reef,quincy,pacific
Reviewed:
Affected Versions:
Component(FS):
MDS
Labels (FS):
Pull request ID:
51317

Description

MDS capabilities can take 5 parameters: FS name, path, root squash, UID and GIDs. It's possible to have first 3 together in a MDS cap and also to have later 2 together in a MDS cap. But it's not possible to combine the two group fully or partially.

Following commands run successfully -

MONCAP="allow rw" 
OSDCAP="allow rw tag cephfs data=a" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=cephfs1" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=cephfs1 path=dir1/dir2" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw uid=1000" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw gids=1000,1001,1002" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw uid=1000 gids=1000,1001,1002"

But following commands don't run successfully -

ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a uid=1000" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a gids=1000,1001,1002" 
ceph auth add client.x mon "$MONCAP" osd "$OSDCAP" mds "allow rw fsname=a uid=1000 gids=1000,1001,1002"

Same goes when path and/or root_squash (with or without fsname) is combined with UID and/or GIDs. Following error is printed in each of these cases Error EINVAL: mds capability parse failed.

This shouldn't be the case. It should be possible to combine in a cap UID and GID with FS name/FS path/root squash.

Related issues 3 (2 open1 closed)

Copied to CephFS - Backport #62026: reef: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsIn ProgressRishabh DaveActions
Copied to CephFS - Backport #62027: quincy: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsIn ProgressRishabh DaveActions
Copied to CephFS - Backport #62028: pacific: mds/MDSAuthCaps: "fsname", path, root_squash can't be in same cap with uid and/or gidsRejectedRishabh DaveActions
Actions
Copy link

Also available in: Atom PDF