diff options
author | Greg Farnum <gregf@hq.newdream.net> | 2010-03-15 10:37:22 -0700 |
---|---|---|
committer | Greg Farnum <gregf@hq.newdream.net> | 2010-03-15 10:40:42 -0700 |
commit | 795035669bc78e8b916d204e005be3d1acf1b93d (patch) | |
tree | 633ed37d5c8fdd810bfad95fc1c66a12ffd25e07 /man | |
parent | 5c2319f2fa3b9513db2a1a76fa54476bc043b673 (diff) | |
download | ceph-795035669bc78e8b916d204e005be3d1acf1b93d.tar.gz |
auth: update documentation on caps
Diffstat (limited to 'man')
-rw-r--r-- | man/cauthtool.8 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/man/cauthtool.8 b/man/cauthtool.8 index 7e624b40844..7415a1bc3f1 100644 --- a/man/cauthtool.8 +++ b/man/cauthtool.8 @@ -39,10 +39,10 @@ will set the capabilities associated with a given key. .SH CAPS FILE FORMAT The caps file format consists of zero or more key/value pairs. The key is the name of the Ceph subsystem (osd, mds, mon). The value is a comma separated list of allow, deny clauses with a permission -specifier containing one or more of \fIrwx\fP, for read, write, and execute permission. For +specifier containing one or more of \fIrwx\fP, for read, write, and execute permission. If you want to declare the key an administrator (with full privileges on everything), use the shorthand 'subsystem = "allow *"'. For example, .IP -osd = "allow rwx [pool foo]" # can read, write, and execute objects +osd = "allow rwx [pool foo] [auid bar]" # can read, write, and execute objects .IP mds = "allow" # can access mds server .IP @@ -57,6 +57,8 @@ A client mounting the file system with minimal permissions would need caps like mds = "allow" .IP osd = "allow rw pool data" +.IP +mon = "allow r" .PP .SH EXAMPLE To create a new keyring containing a key for \fIclient.foo\fP: |