From: John Wilkins Date: Tue, 2 Sep 2014 18:38:16 +0000 (-0700) Subject: doc: Provided additional detail on daemon-specific caps syntax. X-Git-Tag: v0.86~154^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c2443b95844c50256cab6dd32e8297809904c9a0;p=ceph.git doc: Provided additional detail on daemon-specific caps syntax. Signed-off-by: John Wilkins --- diff --git a/doc/rados/operations/user-management.rst b/doc/rados/operations/user-management.rst index bb726c34a7e7..9152deafd452 100644 --- a/doc/rados/operations/user-management.rst +++ b/doc/rados/operations/user-management.rst 
@@ -93,22 +93,37 @@ Authorization (Capabilities) Ceph uses the term "capabilities" (caps) to describe authorizing an authenticated user to exercise the functionality of the monitors, OSDs and metadata servers. Capabilities can also restrict access to data within a pool or -a namespace within a pool. A Ceph administrative user sets a user's +a namespace within a pool. A Ceph administrative user sets a user's capabilities when creating or updating a user. Capability syntax follows the form:: - {daemon-type} 'allow {capability} [pool={poolname}] [namespace={namespace-name}]' + {daemon-type} 'allow {capability}' [{daemon-type} 'allow {capability}'] -The daemon types include: -- ``mon`` -- ``osd`` -- ``mds`` +- **Monitor Caps:** Monitor capabilities include ``r``, ``w``, ``x`` and + ``allow profile {cap}``. For example:: + + mon 'allow rwx` + mon 'allow profile osd' + +- **OSD Caps:** OSD capabilities include ``r``, ``w``, ``x``, ``class-read``, + ``class-write`` and ``profile osd``. Additionally, OSD capabilities also + allow for pool and namespace settings. :: + + osd 'allow {capability}' [pool={poolname}] [namespace={namespace-name}] + +- **Metadata Server Caps:** Metadata server capability simply requires ``allow``, + or blank and does not parse anything further. :: + + mds 'allow' + .. note:: The Ceph Object Gateway daemon (``radosgw``) is a client of the - Ceph Storage Cluster, so it isn't represented as a daemon type. + Ceph Storage Cluster, so it isn't represented as a Ceph Storage + Cluster daemon type. +The following entries describe each capability. ``allow`` @@ -160,6 +175,12 @@ The daemon types include: heartbeat traffic and status reporting. +``profile mds`` + +:Description: Gives a user permissions to connect as a MDS to other MDSs or + monitors. + + ``profile bootstrap-osd`` :Description: Gives a user permissions to bootstrap an OSD. Conferred on
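Review bot: In the Monitor Caps example of the first hunk, the added line mon 'allow rwx` closes the cap string with a backtick instead of a single quote; it should read mon 'allow rwx' so the literal block can be copied as shown. In the OSD Caps item of the same hunk, the new syntax line puts [pool={poolname}] [namespace={namespace-name}] after the closing quote, whereas the line this hunk removes had both inside the quoted 'allow ...' string; please confirm which placement is intended and keep them inside the quotes if the pool and namespace restrictions are part of the cap string. The OSD list also names ``profile osd`` as an OSD capability while the only example of it is given under mon, so one of the two needs adjusting or a sentence of explanation. Minor: "Additionally, OSD capabilities also allow" can drop one of "Additionally" and "also".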
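Review bot: The new ``profile mds`` entry in the second hunk says "connect as a MDS"; this should be "an MDS". Unlike the ``profile bootstrap-osd`` entry that follows it, which continues with "Conferred on", the new description does not say who the profile is conferred on or why. Since the first hunk documents mds caps as accepting only ``allow`` and shows profiles in the form mon 'allow profile osd', the entry should also state under which daemon type ``profile mds`` is set.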