[ -a | --add-key *base64_key* ]
[ --cap *subsystem* *capability* ]
[ --caps *capfile* ]
+ [ --mode *mode* ]
Description
will set all of capabilities associated with a given key, for all subsystems
+ .. option:: --mode *mode*
+
+ will set the desired file mode to the keyring e.g: 0644, defaults to 0600
+
Capabilities
============
Example
=======
-To create a new keyring containing a key for client.foo::
+To create a new keyring containing a key for client.foo with a 0644 file mode::
- ceph-authtool -C -n client.foo --gen-key keyring
+ ceph-authtool -C -n client.foo --gen-key keyring --mode 0644
To associate some capabilities with the key (namely, the ability to
mount a Ceph filesystem)::
- $ ceph-authtool kring --create-keyring
+ $ ceph-authtool kring --create-keyring --mode 0644
creating kring
$ ceph-authtool kring --add-key 'FAKEBASE64 foo'
- $ ceph-authtool kring --create-keyring
+ $ ceph-authtool kring --create-keyring --mode 0644
creating kring
$ ceph-authtool kring --add-key 'AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== 18446744073709551615'
- $ ceph-authtool kring --create-keyring --gen-key
+ $ ceph-authtool kring --create-keyring --gen-key --mode 0644
creating kring
$ ceph-authtool --cap osd 'allow rx pool=swimming' kring
- $ ceph-authtool kring --create-keyring --gen-key
+ $ ceph-authtool kring --create-keyring --gen-key --mode 0644
creating kring
# TODO is this nice?
- $ ceph-authtool kring --create-keyring --gen-key
+ $ ceph-authtool kring --create-keyring --gen-key --mode 0644
creating kring
$ ceph-authtool --cap osd 'allow rx pool=swimming' kring
- $ ceph-authtool kring --create-keyring --gen-key
+ $ ceph-authtool kring --create-keyring --gen-key --mode 0644
creating kring
$ ceph-authtool --cap osd 'allow rx pool=swimming' kring
- $ ceph-authtool kring --create-keyring
+ $ ceph-authtool kring --create-keyring --mode 0600
creating kring
$ ceph-authtool kring --list
$ ceph-authtool kring -l
[client.admin]
\\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re)
-
- $ ceph-authtool kring --create-keyring
+ $ ceph-authtool kring --create-keyring --mode 0644
creating kring
$ ceph-authtool kring --list
--cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
--caps CAPSFILE will set all of capabilities associated with a
given key, for all subsystems
+ --mode MODE will set the desired file mode to the keyring
+ e.g: '0644', defaults to '0600'
[1]
--cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
--caps CAPSFILE will set all of capabilities associated with a
given key, for all subsystems
+ --mode MODE will set the desired file mode to the keyring
+ e.g: '0644', defaults to '0600'
[1]
# demonstrate that manpage examples fail without config
--cap SUBSYSTEM CAPABILITY will set the capability for given subsystem
--caps CAPSFILE will set all of capabilities associated with a
given key, for all subsystems
+ --mode MODE will set the desired file mode to the keyring
+ e.g: '0644', defaults to '0600'
[1]
<< " -a BASE64, --add-key BASE64 will add an encoded key to the keyring\n"
<< " --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem\n"
<< " --caps CAPSFILE will set all of capabilities associated with a\n"
- << " given key, for all subsystems"
+ << " given key, for all subsystems\n"
+ << " --mode MODE will set the desired file mode to the keyring\n"
+ << " e.g: '0644', defaults to '0600'"
<< std::endl;
exit(1);
}
bool print_key = false;
bool create_keyring = false;
bool set_auid = false;
+ int mode = 0600; // keyring file mode
std::vector<const char*>::iterator i;
/* Handle options unique to ceph-authtool
exit(1);
}
set_auid = true;
+ } else if (ceph_argparse_witharg(args, i, &val, "--mode", (char*)NULL)) {
+ std::string err;
+ mode = strict_strtoll(val.c_str(), 8, &err);
+ if (!err.empty()) {
+ cerr << "Option --mode requires an argument" << std::endl;
+ exit(1);
+ }
} else if (fn.empty()) {
fn = *i++;
} else {
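Review bot: The value parsed for `--mode` is stored without a range check: the result of `strict_strtoll(val.c_str(), 8, &err)` is narrowed into `int mode`, so a negative or oversized octal value passes through to the file write unchanged. Add a bound right after the `err` check, for example `if (mode < 0 || mode > 0777) { cerr << "Option --mode must be an octal file mode between 0 and 0777" << std::endl; exit(1); }`. The message printed when `err` is non-empty, "Option --mode requires an argument", is also misleading, because this branch runs when an argument was given but is not valid octal; printing `err` would tell the user what was rejected. The enclosing option loop starts and ends outside the hunk.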
if (modified) {
bufferlist bl;
keyring.encode_plaintext(bl);
- r = bl.write_file(fn.c_str(), 0600);
+ r = bl.write_file(fn.c_str(), mode);
if (r < 0) {
cerr << "could not write " << fn << std::endl;
exit(1);
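Review bot: The keyring is serialized with `encode_plaintext`, so the user-supplied `mode` now decides who can read the secret keys, and it is applied on every modifying run, not only with `--create-keyring`. Consider a warning when group or other bits are set, e.g. `if (mode & 077) cerr << "warning: keyring " << fn << " is accessible to group or others" << std::endl;`, since the man page example and most of the updated tests now use 0644. If `write_file` hands the mode to an `open()` with `O_CREAT` (not visible here), it would be filtered by the umask and ignored for an existing file, which the "will set the desired file mode" help text does not mention. The enclosing `if (modified)` block continues outside the hunk.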