From 5e221a404140f6d752b4b50637bd2e689570b4fa Mon Sep 17 00:00:00 2001 From: John Wilkins Date: Fri, 19 Oct 2012 15:40:33 -0700 Subject: [PATCH] doc: Added clarification from Peter's feedback. Signed-off-by: John Wilkins --- doc/cluster-ops/auth-intro.rst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/cluster-ops/auth-intro.rst b/doc/cluster-ops/auth-intro.rst index d7c2ea32224f..2e7a23160b0a 100644 --- a/doc/cluster-ops/auth-intro.rst +++ b/doc/cluster-ops/auth-intro.rst @@ -191,9 +191,12 @@ authenticated user to exercise the functionality of the monitors, OSDs and metadata servers. Capabilities can also restrict access to data within one or more pools. -.. important:: Ceph capabilities are **NOT** the same as CephFS - filesystem authorization permission using the POSIX file system - interface (e.g., ``chmod``). +.. important:: Ceph uses the capabilities discussed here for setting up and + controlling access between various Ceph client and server instances, and + are relevant regardless of what type of client accesses the Ceph object + store. CephFS uses a different type of capability for files and directories + internal to the CephFS filesystem. CephFS filesystem access controls are + relevant to CephFS, but not block devices or the RESTful gateway. A Ceph ``client.admin`` user sets a user's capabilities when creating the user. -- 2.47.3