Project

General

Profile

Actions
Copy link

Bug #75013

open

mon/AuthMonitor: wrong osd permissions for client with "*" perms

Added by Patrick Donnelly about 1 month ago. Updated 1 day ago.

Status:
Pending Backport
Priority:
Urgent
Assignee:
Patrick Donnelly
Category:
Administration/Usability
Target version:
Ceph - v21.0.0
% Done:

0%

Source:
Development
Backport:
tentacle,squid
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Labels (FS):
Pull request ID:
67406
Tags (freeform):
backport_processed
Merge Commit:
713e88e41bafd2e28c4b26c36adb43cd68030e15
Fixed In:
v20.3.0-6240-g713e88e41b
Released In:
Upkeep Timestamp:
2026-03-20T04:59:01+00:00

Description

https://github.com/ceph/ceph/blob/75a23253a2705c713e8d5c510f1c0f8125dc683f/src/mon/AuthMonitor.cc#L1723-L1724

[ubuntu@trial076 phlogistonjohn]$ sudo $HOME/cephtest/cephadm shell ceph fs authorize cephfs client.smb.dummy.1 / '*'
Inferring fsid 7bcd1ded-0ce7-11f1-a768-d404e6e7d460
Inferring config /var/lib/ceph/7bcd1ded-0ce7-11f1-a768-d404e6e7d460/mon.a/config
[client.smb.dummy.1]
        key = AQAIB5Zp+h+RLRAAQGZc6ME5skNdaTyZOiodXA==
        caps mds = "allow * fsname=cephfs" 
        caps mon = "allow r fsname=cephfs" 
        caps osd = "allow r tag cephfs data=cephfs" 
[ubuntu@trial076 phlogistonjohn]$ sudo $HOME/cephtest/cephadm shell ceph fs authorize cephfs client.smb.dummy.2 / 'rw'
Inferring fsid 7bcd1ded-0ce7-11f1-a768-d404e6e7d460
Inferring config /var/lib/ceph/7bcd1ded-0ce7-11f1-a768-d404e6e7d460/mon.a/config
[client.smb.dummy.2]
        key = AQARB5ZprfZ1ChAAkUrDF1zFz8CM7tW60Dc+PQ==
        caps mds = "allow rw fsname=cephfs" 
        caps mon = "allow r fsname=cephfs" 
        caps osd = "allow rw tag cephfs data=cephfs"

client.smb.dummy.1 should have "rw" on OSD.

Related issues 2 (2 open0 closed)

Copied to CephFS - Backport #75628: tentacle: mon/AuthMonitor: wrong osd permissions for client with "*" permsNewPatrick DonnellyActions
Copied to CephFS - Backport #75629: squid: mon/AuthMonitor: wrong osd permissions for client with "*" permsNewPatrick DonnellyActions
Actions
Copy link
 #1

Updated by Patrick Donnelly about 1 month ago

  • Status changed from In Progress to Fix Under Review
  • Assignee set to Patrick Donnelly
  • Pull request ID set to 67406
Actions
Copy link
 #2

Updated by Venky Shankar 23 days ago

  • Subject changed from mon/AuthMonitor: wrong osd permissions for clienf with "*" perms to mon/AuthMonitor: wrong osd permissions for client with "*" perms
Actions
Copy link
 #3

Updated by Upkeep Bot 1 day ago

  • Status changed from Fix Under Review to Pending Backport
  • Merge Commit set to 713e88e41bafd2e28c4b26c36adb43cd68030e15
  • Fixed In set to v20.3.0-6240-g713e88e41b
  • Upkeep Timestamp set to 2026-03-20T04:59:01+00:00
Actions
Copy link
 #4

Updated by Upkeep Bot 1 day ago

  • Copied to Backport #75628: tentacle: mon/AuthMonitor: wrong osd permissions for client with "*" perms added
Actions
Copy link
 #5

Updated by Upkeep Bot 1 day ago

  • Copied to Backport #75629: squid: mon/AuthMonitor: wrong osd permissions for client with "*" perms added
Actions
Copy link
 #6

Updated by Upkeep Bot 1 day ago

  • Tags (freeform) set to backport_processed
Actions
Copy link

Also available in: Atom PDF