On 09/12/2013 07:26 PM, Yehuda Sadeh wrote:
On Thu, Sep 12, 2013 at 2:35 PM, Liam Monahan <liam@xxxxxxxxxxxxxx> wrote:
Hi,
There's a limitation for my site's installation of Ceph, particularly the
radosgw s3 API, that we've been trying to work around. If a user is granted
FULL_CONTROL over a bucket, they still can get 403s when trying to
access/modify keys in that bucket. Would it be appropriate to skip ACL
checks for the key if the user has full control over the bucket or is there
a good reason not to do so?
I wanted to gauge the likelihood of acceptance for such a patch before
starting in on it. Any suggestions would be helpful. I was thinking that
modifications would mainly be necessary in verify_object_permission() in
src/rgw/rgw_common.cc.
In general if it breaks S3 compatibility then such behavior would need
to be set through a configurable. If it's turned off by default I
don't really see why not to include such an option.
Yehuda
Hi,
I put in a pull request at https://github.com/ceph/ceph/pull/672 for
this feature. Do you guys have any feedback? Is there anything I need
to do to make this more appealing?
Liam
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
