Re: Bucket ACL precedence over key ACLs in radosgw

On Mon, Oct 7, 2013 at 7:34 AM, Liam Monahan <liam@xxxxxxxxxxxxxx> wrote:
> On 09/12/2013 07:26 PM, Yehuda Sadeh wrote:
>>
>> On Thu, Sep 12, 2013 at 2:35 PM, Liam Monahan <liam@xxxxxxxxxxxxxx> wrote:
>>>
>>> Hi,
>>>
>>> There's a limitation for my site's installation of Ceph, particularly the
>>> radosgw s3 API, that we've been trying to work around.  If a user is granted
>>> FULL_CONTROL over a bucket, they still can get 403s when trying to
>>> access/modify keys in that bucket.  Would it be appropriate to skip ACL
>>> checks for the key if the user has full control over the bucket or is there
>>> a good reason not to do so?
>>>
>>> I wanted to gauge the likelihood of acceptance for such a patch before
>>> starting in on it.  Any suggestions would be helpful.  I was thinking that
>>> modifications would mainly be necessary in verify_object_permission() in
>>> src/rgw/rgw_common.cc.
>>
>>
>> In general if it breaks S3 compatibility then such behavior would need
>> to be set through a configurable. If it's turned off by default I
>> don't really see why not to include such an option.
>>
>> Yehuda
>>
> Hi,
>
> I put in a pull request at https://github.com/ceph/ceph/pull/672 for this
> feature.  Do you guys have any feedback?  Is there anything I need to do to
> make this more appealing?
>

I still need to review it, have it on my todo list.

Thanks,
Yehuda
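
The behaviour discussed in this thread, as an added example that is not part of any message above and is not code from Ceph or from the pull request: a small model of the key ACL check with the bucket FULL_CONTROL shortcut behind an opt-in switch that is off by default. The permission bit values, `object_access_allowed()`, `http_status()`, the `bucket_fc_override` flag and the users are all hypothetical names and constructed data.

```cpp
#include <cstdint>
#include <map>
#include <string>

// S3-style permission bits (values are this example's own, not Ceph's).
enum Perm : uint32_t {
  PERM_READ = 1, PERM_WRITE = 2, PERM_READ_ACP = 4, PERM_WRITE_ACP = 8,
  PERM_FULL_CONTROL = PERM_READ | PERM_WRITE | PERM_READ_ACP | PERM_WRITE_ACP
};

// An ACL is modelled as user id -> granted permission mask.
using Acl = std::map<std::string, uint32_t>;

static uint32_t granted(const Acl& acl, const std::string& user) {
  auto it = acl.find(user);
  return it == acl.end() ? 0 : it->second;
}

// Hypothetical stand-in for the object permission check named in the thread.
// bucket_fc_override models the proposed configurable; false keeps the
// S3-compatible behaviour where only the key's own ACL decides.
bool object_access_allowed(const Acl& bucket_acl, const Acl& object_acl,
                           const std::string& user, uint32_t wanted,
                           bool bucket_fc_override) {
  if (bucket_fc_override &&
      (granted(bucket_acl, user) & PERM_FULL_CONTROL) == PERM_FULL_CONTROL)
    return true;  // opt-in: bucket FULL_CONTROL skips the key ACL check
  return (granted(object_acl, user) & wanted) == wanted;
}

// Constructed scenario: alice uploaded the key and is its only grantee,
// bob has FULL_CONTROL on the bucket, carol has only WRITE on the bucket.
int http_status(const std::string& user, uint32_t wanted, bool override_on) {
  const Acl bucket_acl = {{"bob", PERM_FULL_CONTROL}, {"carol", PERM_WRITE}};
  const Acl object_acl = {{"alice", PERM_FULL_CONTROL}};
  return object_access_allowed(bucket_acl, object_acl, user, wanted,
                               override_on) ? 200 : 403;
}

int main() {
  // With the switch off, bob is refused despite FULL_CONTROL on the bucket.
  return http_status("bob", PERM_READ, false) == 403 ? 0 : 1;
}
```

Only a complete FULL_CONTROL grant on the bucket triggers the shortcut in this model, so a partial bucket grant such as carol's never widens access to keys she has no grant on.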