From: David Disseldorp Date: Thu, 17 Nov 2016 16:55:26 +0000 (+0100) Subject: doc/cephfs: add note about deletion from OSD restricted pool X-Git-Tag: v11.1.0~244^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f00546fee02e3b769a38e1fd471252765db703da;p=ceph.git doc/cephfs: add note about deletion from OSD restricted pool As described in http://tracker.ceph.com/issues/17937, a client with restricted pool access can still delete files unless a corresponding MDS path restriction is also in place. Signed-off-by: David Disseldorp --- diff --git a/doc/cephfs/client-auth.rst b/doc/cephfs/client-auth.rst index 9e20032d58c7..8d6db4e4e4ad 100644 --- a/doc/cephfs/client-auth.rst +++ b/doc/cephfs/client-auth.rst @@ -78,6 +78,12 @@ restricts access to the CephFS data pool(s): caps: [mon] allow r caps: [osd] allow rw pool=data1, allow rw pool=data2 +.. note:: + + Without a corresponding MDS path restriction, the OSD capabilities above do + **not** restrict file deletions outside of the ``data1`` and ``data2`` + pools. + You may also restrict clients from writing data by using 'r' instead of 'rw' in OSD capabilities. This does not affect the ability of the client to update filesystem metadata for these files, but it will prevent them
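Review bot: In the added note, "do **not** restrict file deletions outside of the ``data1`` and ``data2`` pools" is ambiguous about what lies outside the pools, and it names the remedy ("a corresponding MDS path restriction") without telling the reader where to find it. Suggest wording along the lines of "a client can still delete files whose data is stored in pools other than ``data1`` and ``data2``", plus a cross-reference to wherever the docs describe MDS path restriction, or to the tracker issue cited in the commit message (http://tracker.ceph.com/issues/17937). Consider also saying why this happens, in line with the following paragraph's statement that OSD capabilities do not affect the client's ability to update filesystem metadata, so the two paragraphs read as one consistent explanation.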