git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
doc: discuss the standard multi-tenant CephFS security model 53560/head
author Greg Farnum <gfarnum@redhat.com>
Fri, 30 Sep 2022 19:34:27 +0000 (19:34 +0000)
committer Patrick Donnelly <pdonnell@redhat.com>
Wed, 20 Sep 2023 15:36:03 +0000 (11:36 -0400)
Fixes: https://tracker.ceph.com/issues/57737
Signed-off-by: Greg Farnum <gfarnum@redhat.com>
(cherry picked from commit 91e7c7de6a5ccb44e9cbf3fffe258c952f733fe8)

doc/cephfs/client-auth.rst

index fd0faa83963a2edd78868f100a885b13a4770ccf..a7dea52518bdd3626c8f02d92c29973350c9ee50 100644 (file)
@@ -24,6 +24,16 @@ that directory.
 To restrict clients to only mount and work within a certain directory, use
 path-based MDS authentication capabilities.
 
+Note that this restriction *only* impacts the filesystem hierarchy -- the metadata
+tree managed by the MDS. Clients will still be able to access the underlying
+file data in RADOS directly. To segregate clients fully, you must also isolate
+untrusted clients in their own RADOS namespace. You can place a client's
+filesystem subtree in a particular namespace using `file layouts`_ and then
+restrict their RADOS access to that namespace using `OSD capabilities`_
+
+.. _file layouts: ./file-layouts
+.. _OSD capabilities: ../rados/operations/user-management/#authorization-capabilities
+
 Syntax
 ------
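Review bot: the last sentence of the added paragraph, `restrict their RADOS access to that namespace using `OSD capabilities`_`, has no terminating period; add one so the note does not run into the blank line before the link targets. The two hyperlink targets are also written in different styles: `./file layouts` resolves to the bare relative path `./file-layouts` while the second target uses the directory form `../rados/operations/user-management/#authorization-capabilities`; for the in-tree page, a `:doc:` reference (for example `:doc:`file layouts </cephfs/file-layouts>``) would let Sphinx resolve the link for whichever HTML builder is used instead of relying on the relative URL. Since the paragraph's security point is that a path-restricted MDS cap alone does not protect file data in RADOS, it may also help readers to state explicitly that both steps (placing the subtree in a namespace via the layout and restricting the client's OSD cap to that namespace) are required, not just one of them.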