From: John Spray Date: Thu, 19 Jan 2017 05:23:42 +0000 (+0100) Subject: doc: clarify the path restriction mds cap example X-Git-Tag: v12.0.0~6^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=936bab6d59798ed225e02dfddac02b2222d1c698;p=ceph.git doc: clarify the path restriction mds cap example It's not obvious as written that the example was only restricting writes to a path, not reads. Signed-off-by: John Spray --- diff --git a/doc/cephfs/client-auth.rst b/doc/cephfs/client-auth.rst index 8d6db4e4e4ad..aa49aa568287 100644 --- a/doc/cephfs/client-auth.rst +++ b/doc/cephfs/client-auth.rst @@ -29,10 +29,21 @@ directory while creating key for a client following the undermentioned syntax. : ./ceph auth get-or-create client.*client_name* mon 'allow r' mds 'allow r, allow rw path=/*specified_directory*' osd 'allow rw pool=data' -for example, to restrict client ``foo`` to ``bar`` directory, we will use. :: +for example, to restrict client ``foo`` to writing only in the ``bar`` directory, +we will use: :: ./ceph auth get-or-create client.foo mon 'allow r' mds 'allow r, allow rw path=/bar' osd 'allow rw pool=data' +To completely restrict the client to the ``bar`` directory, omit the +unqualified "allow r" clause: :: + +./ceph auth get-or-create client.foo mon 'allow r' mds 'allow rw path=/bar' osd 'allow rw pool=data' + +Note that if a client's read access is restricted to a path, they will only +be able to mount the filesystem when specifying a readable path in the +mount command (see below). + + See `User Management - Add a User to a Keyring`_. for additional details on user management To restrict a client to the specfied sub-directory only, we mention the specified
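Review bot: In the added paragraph "To completely restrict the client to the ``bar`` directory", the word "completely" overstates what the example command does, because that same command still grants osd 'allow rw pool=data', a pool-wide capability that the MDS path clause does not narrow. Suggest saying that omitting the unqualified "allow r" restricts the client's access through the MDS (both reads and writes) to ``bar``, and adding a sentence that the OSD capability in the example still covers the whole data pool. The added note ends with "(see below)" for the mount command; a named cross-reference to the mount section would survive later reordering better than a positional pointer. Minor: the hunk adds two consecutive blank lines before the "See `User Management - Add a User to a Keyring`_." line, where one is enough.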