On Thu, Jan 12, 2012 at 4:27 PM, huang jun <hjwsm1989@xxxxxxxxx> wrote: > > hi,all > when i use radosgw+s3, there are two werid things: > 1) we can use the command "raodsgw_admin subuser create --subuser > ="a1" -i 8" to create a subuser named "a1" under a user whoes user_id > is 8. > and also can create many subusers under one single user. > can we give the specified subuser permission to visit a specified bucket? Not at the moment, though we can probably add that easily. You can, however, give the subuser a reduced access permission to whatever the main user has (e.g., read-only access, read-write only with no access control, etc.) > so what do subusers do here? Subuser is used currently for Swift, where you can create a few users under a single account. > 2) we can create many access-key and secret-keys for an user, do we > need so many keys? > That's up to you. You may want to use a key per service, and if one key is compromised, or if there's a need to replace it you can revoke only that key, while other services can continue using their keys. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
