On Fri, Aug 23, 2013 at 5:31 AM, Mihály Árva-Tóth <mihaly.arva-toth@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hello,
>
> I have a user with 3 subusers:
>
> { "user_id": "johndoe",
>   "display_name": "John Doe",
>   "email": "",
>   "suspended": 0,
>   "max_buckets": 1000,
>   "auid": 0,
>   "subusers": [
>         { "id": "johndoe:readonly",
>           "permissions": "read"},
>         { "id": "johndoe:swift",
>           "permissions": "full-control"},
>         { "id": "johndoe:wo",
>           "permissions": "write"}],
>   "keys": [
>         { "user": "johndoe",
>           "access_key": "xxx",
>           "secret_key": "xxx"}],
>   "swift_keys": [
>         { "user": "johndoe:readonly",
>           "secret_key": "abcde"},
>         { "user": "johndoe:swift",
>           "secret_key": "fghij"},
>         { "user": "johndoe:wo",
>           "secret_key": "klmno"}],
>   "caps": []}
>
> If I understand correctly, the johndoe:readonly subuser has no privileges to
> create a container or upload an object. But I can do:
>
> swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde post testcontainer
> swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde upload testcontainer testfile.100
> swift -V 1.0 -A http://localhost/auth -U johndoe:readonly -K abcde stat testcontainer sparse.100
>        Account: v1
>      Container: testcontainer
>         Object: sparse.100
>   Content Type: binary/octet-stream
> Content Length: 5242880
>  Last Modified: Fri, 23 Aug 2013 12:25:57 GMT
>           ETag: 5f363e0e58a95f06cbe9bbc662c5dfb6
>     Meta Mtime: 1372251959.01
> .......
>
>
> On the other side, the johndoe:wo user (who has write permission only) should
> not be able to list containers and objects. But I can do it:
>
> swift -V 1.0 -A http://localhost/auth -U johndoe:wo -K klmno list testcontainer
> sparse.100
>
> Is there anything that I misunderstood?
>

Hi,

thank you for the report. I opened tracker issue #6126.

Yehuda
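An added example, not part of the original thread and not Ceph's own code: a small audit that compares the subuser permissions declared in the user info against observed Swift operation results and reports every mismatch. The operation-to-permission mapping follows the reporter's expectation and is an assumption; the function names and the observation list are constructed for illustration.

```python
import json

# Constructed copy of the subuser list from the report (keys omitted).
USER_INFO = json.loads("""
{"user_id": "johndoe",
 "subusers": [
   {"id": "johndoe:readonly", "permissions": "read"},
   {"id": "johndoe:swift", "permissions": "full-control"},
   {"id": "johndoe:wo", "permissions": "write"}]}
""")

# Permission strings exactly as shown in the report, as bit masks.
READ, WRITE = 1, 2
PERM_MASKS = {"read": READ, "write": WRITE, "full-control": READ | WRITE}

# Assumption: the right each swift CLI operation should require.
REQUIRED = {"post": WRITE, "upload": WRITE, "delete": WRITE,
            "stat": READ, "list": READ, "download": READ}

def subuser_masks(user_info):
    """Map subuser id -> permission mask; unknown strings are rejected."""
    masks = {}
    for sub in user_info.get("subusers", []):
        perm = sub["permissions"]
        if perm not in PERM_MASKS:
            raise ValueError(f"unknown permission {perm!r} for {sub['id']}")
        masks[sub["id"]] = PERM_MASKS[perm]
    return masks

def audit(user_info, observations):
    """Return (subuser, op, kind) for each observation whose outcome
    contradicts the declared permission. Unknown subusers have no rights."""
    masks = subuser_masks(user_info)
    findings = []
    for subuser, op, succeeded in observations:
        expected = bool(masks.get(subuser, 0) & REQUIRED[op])
        if succeeded != expected:
            kind = "over-permissive" if succeeded else "over-restrictive"
            findings.append((subuser, op, kind))
    return findings

# First four tuples: outcomes described in the report.
# Last tuple: constructed control case that should pass.
OBSERVED = [
    ("johndoe:readonly", "post", True), ("johndoe:readonly", "upload", True),
    ("johndoe:readonly", "stat", True), ("johndoe:wo", "list", True),
    ("johndoe:swift", "upload", True),
]

if __name__ == "__main__":
    print(audit(USER_INFO, OBSERVED))
```

Feeding it results collected from a test gateway after an upgrade gives a quick regression check for this class of authorization gap.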