From: Greg Farnum <gfarnum@redhat.com>
Date: Fri, 30 Sep 2022 19:34:27 +0000 (+0000)
Subject: doc: discuss the standard multi-tenant CephFS security model
X-Git-Tag: v16.2.15~187^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=f23b6e628555278d32327387a895f170d5a3f376;p=ceph.git

doc: discuss the standard multi-tenant CephFS security model

Fixes: https://tracker.ceph.com/issues/57737

Signed-off-by: Greg Farnum <gfarnum@redhat.com>
(cherry picked from commit 91e7c7de6a5ccb44e9cbf3fffe258c952f733fe8)
---

diff --git a/doc/cephfs/client-auth.rst b/doc/cephfs/client-auth.rst
index fd0faa83963a2..a7dea52518bdd 100644
--- a/doc/cephfs/client-auth.rst
+++ b/doc/cephfs/client-auth.rst
@@ -24,6 +24,16 @@ that directory.
 To restrict clients to only mount and work within a certain directory, use
 path-based MDS authentication capabilities.
 
+Note that this restriction *only* impacts the filesystem hierarchy -- the metadata
+tree managed by the MDS. Clients will still be able to access the underlying
+file data in RADOS directly. To segregate clients fully, you must also isolate
+untrusted clients in their own RADOS namespace. You can place a client's
+filesystem subtree in a particular namespace using `file layouts`_ and then
+restrict their RADOS access to that namespace using `OSD capabilities`_
+
+.. _file layouts: ./file-layouts
+.. _OSD capabilities: ../rados/operations/user-management/#authorization-capabilities
+
 Syntax
 ------