.SH CAPS FILE FORMAT
The caps file format consists of zero or more key/value pairs. The key is the name of the Ceph
subsystem (osd, mds, mon). The value is a comma separated list of allow, deny clauses with a permission
-specifier containing one or more of \fIrwx\fP, for read, write, and execute permission. For
+specifier containing one or more of \fIrwx\fP, for read, write, and execute permission. If you want to declare the key an administrator (with full privileges on everything), use the shorthand 'subsystem = "allow *"'. For
example,
.IP
-osd = "allow rwx [pool foo]" # can read, write, and execute objects
+osd = "allow rwx [pool foo] [auid bar]" # can read, write, and execute objects
.IP
mds = "allow" # can access mds server
.IP
mds = "allow"
.IP
osd = "allow rw pool data"
+.IP
+mon = "allow r"
.PP
.SH EXAMPLE
To create a new keyring containing a key for \fIclient.foo\fP:
* License version 2.1, as published by the Free Software
* Foundation. See file COPYING.
*
+ * MonCaps: Hold the capabilities associated with a single authenticated
+ * user key. These are specified by text strings of the form
+ * "allow r" (which allows reading of the cluster state)
+ * "allow rwx auid foo[,bar,baz]" (which allows full access to listed auids)
+ * "allow rw service_name" (which allows reading and writing to the named
+ * service type)
+ * "allow *" (which allows full access to EVERYTHING)
*/
#ifndef __MONCAPS_H
* License version 2.1, as published by the Free Software
* Foundation. See file COPYING.
*
+ * OSDCaps: Hold the capabilities associated with a single authenticated
+ * user key. These are specified by text strings of the form
+ * "allow r" (which allows reading anything on the OSD)
+ * "allow rwx auid foo[,bar,baz]" (which allows full access to listed auids)
+ * "allow rwx pool foo[,bar,baz]" (which allows full access to listed pools)
+ * "allow *" (which allows full access to EVERYTHING)
*/
#ifndef __CEPH_OSDCAPS_H
projects / ceph.git / commitdiff