From 88f00bcc7faf87aa7a1f30d8638cef8dd7f0eedb Mon Sep 17 00:00:00 2001
From: Adam Kupczyk <akucpzyk@redhat.com>
Date: Tue, 11 Jul 2017 13:12:33 -0400
Subject: [PATCH] Fixed too big privileges for client.rgw.

Signed-off-by: Adam Kupczyk <akucpzyk@redhat.com>
---
 src/vstart.sh | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/vstart.sh b/src/vstart.sh
index 5eb6ff60779dc..086ae723a9049 100755
--- a/src/vstart.sh
+++ b/src/vstart.sh
@@ -547,11 +547,10 @@ start_mon() {
 			--cap mgr 'allow *' \
 			"$keyring_fn"
 
-		prun $SUDO "$CEPH_BIN/ceph-authtool" --gen-key --name=client.rgw --set-uid=0 \
-		    --cap mon 'allow *' \
-		    --cap osd 'allow *' \
-		    --cap mds 'allow *' \
-		    --cap mgr 'allow *' \
+		prun $SUDO "$CEPH_BIN/ceph-authtool" --gen-key --name=client.rgw \
+		    --cap mon 'allow rw' \
+		    --cap osd 'allow rwx' \
+		    --cap mgr 'allow rw' \
 		    "$keyring_fn"
 
 		# build a fresh fs monmap, mon fs
@@ -990,7 +989,6 @@ do_rgw()
     n=$(($CEPH_NUM_RGW - 1))
     i=0
     for rgw in j k l m n o p q r s t u v; do
-	ceph_adm auth get-or-create client.rgw.$rgw mon 'allow rw' osd 'allow rwx' mgr 'allow rw' -o $CEPH_DEV_DIR/rgw.$rgw.keyring
 	echo start rgw on http://localhost:$((CEPH_RGW_PORT + i))
 	run 'rgw' $RGWSUDO $CEPH_BIN/radosgw -c $conf_fn --log-file=${CEPH_OUT_DIR}/rgw.$rgw.log ${RGWDEBUG} --debug-ms=1 -n client.rgw "--rgw_frontends=${rgw_frontend} port=$((CEPH_RGW_PORT + i))"
 	i=$(($i + 1))
-- 
2.39.5