On Thu, Sep 12, 2013 at 2:35 PM, Liam Monahan <liam@xxxxxxxxxxxxxx> wrote: > Hi, > > There's a limitation for my site's installation of Ceph, particularly the > radosgw s3 API, that we've been trying to work around. If a user is granted > FULL_CONTROL over a bucket, they still can get 403s when trying to > access/modify keys in that bucket. Would it be appropriate to skip ACL > checks for the key if the user has full control over the bucket or is there > a good reason not to do so? > > I wanted to gauge the likelihood of acceptance for such a patch before > starting in on it. Any suggestions would be helpful. I was thinking that > modifications would mainly be necessary in verify_object_permission() in > src/rgw/rgw_common.cc. In general if it breaks S3 compatibility then such behavior would need to be set through a configurable. If it's turned off by default I don't really see why not to include such an option. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
