Moreover, any newly created user is able to read/write to existing buckets!!

On Wed, Jan 8, 2014 at 12:46 PM, Jaseer Tk <jaseer...@inmobi.com> wrote:
>
> Hi Yehuda,
>
> Thanks for the response.
>
> My setup is on Ubuntu 12.04 servers. ceph pkgs:
> ========
> ii  ceph            0.72.2-1precise  distributed storage and file system
> ii  ceph-common     0.72.2-1precise  common utilities to mount and interact with a ceph storage cluster
> ii  ceph-fs-common  0.72.2-1precise  common utilities to mount and interact with a ceph file system
> ii  ceph-mds        0.72.2-1precise  metadata server for the ceph distributed file system
> ==========
>
> rados version:
> =====
> ii  librados2       0.72.2-1precise  RADOS distributed object store client library
> ii  radosgw         0.72.2-1precise  REST gateway for RADOS distributed object store
> ii  radosgw-agent   1.1-1precise
> =======
>
> rados conf:
>
>   [client.radosgw.us-east-1]
>   rgw region = us
>   rgw region root pool = .us.rgw.root
>   rgw zone = east-1
>   rgw zone root pool = .us-east-1.rgw.root
>   keyring = /etc/ceph/ceph.client.radosgw.keyring
>   debug rgw = 20
>   debug ms = 1
>   rgw_dns_name = my_domain
>   rgw socket path = /var/run/ceph/client.radosgw.us-east-1.sock
>   log file = /var/log/ceph/radosgw.log
>   host = my_rados_hostname
>
> Logs while doing putacl:
> =========
> 2014-01-08 07:01:00.364967 7f0180f5d700 10 RGWWatcher::notify() opcode=1 ver=1 bl.length()=462
> 2014-01-08 07:01:00.365006 7f0180f5d700 10 cache put: name=.us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1
> 2014-01-08 07:01:00.365013 7f0180f5d700 10 moving .us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1 to cache LRU end
> 2014-01-08 07:01:00.365017 7f0180f5d700 10 appending xattr: name=user.rgw.acl bl.length()=150
> 2014-01-08 07:01:01.501663 7f016bfff700  2 RGWDataChangesLog::ChangesRenewThread: start
> ==========
>
> No rgw logs when doing s3cmd del.
>
> I am using http://undesigned.org.za/2007/10/22/amazon-s3-php-class/ with
> minor modifications to use with the rados s3 interface.
> getacl shows my acl is applied. But the user is still able to delete. Please
> let me know if you want me to share my php code for getacl and putacl.
>
> --
> Thank you,
> Jaseer TK
>
> On Tue, Jan 7, 2014 at 9:30 PM, Yehuda Sadeh <yeh...@inktank.com> wrote:
>
>> On Tue, Jan 7, 2014 at 2:40 AM, Jaseer Tk <jaseer...@inmobi.com> wrote:
>> >
>> > Hi all,
>> >
>> > I tried to apply a custom ACL (only Read) on an s3 bucket I created. The
>> > rules seem to have got applied. But it looks like the ACLs are not
>> > getting honored.
>> >
>> > When I use getacl, I get the result.
>> > =======
>> >
>> > Array
>> > (
>> >     [0] => Array
>> >         (
>> >             [Grantee] => Array
>> >                 (
>> >                     [ID] => test-user
>> >                     [DisplayName] => Test User
>> >                 )
>> >
>> >             [Permission] => READ
>> >         )
>> >
>> > )
>> >
>> > But still this user is able to delete files from the bucket :(
>> >
>> > Am I missing something here?
>> >
>>
>> What version are you running? Just tried it with dumpling and it
>> worked ok. Can you provide rgw logs for it? (acl setting + removal;
>> set 'debug rgw = 20' and 'debug ms = 1').
>>
>> Thanks,
>> Yehuda
>>

_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com