]> git.apps.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a177b47) | patch
mds: add root_squash mode in MDS auth caps
authorRamana Raja <rraja@redhat.com>
Sun, 2 Aug 2020 12:53:43 +0000 (18:23 +0530)
committerRamana Raja <rraja@redhat.com>
Fri, 25 Sep 2020 09:04:35 +0000 (14:34 +0530)
commite1c52207809cbd6408311b01460d4fcc2f987b4c
treed5b75586e8a74dba190aadab2786b6033eb981a7tree | snapshot
parenta177b470aa48a84e5346b310efa4fd626025dbfacommit | diff
mds: add root_squash mode in MDS auth caps

Implement a root_squash mode in MDS auth caps to deny operations for
clients with uid=0 or gid=0 that need write access. It's mainly to
prevent operations such as accidental `sudo rm -rf /path`.

The root squash mode can be enforced in one of the following ways in
the MDS caps,
  'allow rw root_squash'
  (across file systems)
          or
  'allow rw fsname=a root_squash'
  (on a file system)
          or
  'allow rw fsname=a path=/vol/group/subvol00 root_squash'
  (on a file system path)

Fixes: https://tracker.ceph.com/issues/42451
Signed-off-by: Ramana Raja <rraja@redhat.com>
PendingReleaseNotes diff | blob | history
doc/cephfs/client-auth.rst diff | blob | history
qa/tasks/cephfs/test_admin.py diff | blob | history
src/mds/MDSAuthCaps.cc diff | blob | history
src/mds/MDSAuthCaps.h diff | blob | history
src/mon/AuthMonitor.cc diff | blob | history
src/test/mds/TestMDSAuthCaps.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.