Hi,

So say usera has full control of (and is the owner of) a bucket in S3 and gives userb 'FULL_CONTROL' on the bucket. Userb writes a file, and it seems that by default the ACL for that key is going to be 'FULL_CONTROL' for userb. When usera iterates over the key, even just over the ACL for the key, they get a 403. I would think that 'FULL_CONTROL' at the bucket level gives the user at least the ability to see the ACL. They can list the key itself and the size and last modified.

Is this by design? Is there any chance that the default behavior could be changed so that by default (without specifying a canned ACL) the bucket ACL would be applied to a key?

We are looking to provide some secure S3 collaboration space. Groups in the ACLs would be like pie in the sky, but right now just being able to get sticky ACLs from the bucket would be huge.

Thanks,
derek

--
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
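The behavior described in the post, as an added example that is not part of the original message and is not Ceph RGW code: a small Python model of S3-style ACL evaluation in which a key's ACL is set by the uploader and checked separately from the bucket ACL. The `Bucket` class, `allowed` and `scenario` are hypothetical names, and the model assumes standard S3 semantics, including the S3 canned ACL `bucket-owner-full-control`.

```python
# Simplified model of S3-style ACL checks (illustrative; not Ceph RGW code).
IMPLIED_BY_FULL_CONTROL = {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}

def allowed(acl, user, permission):
    """acl is a list of (grantee, permission) grants."""
    for grantee, granted in acl:
        if grantee != user:
            continue
        if granted == permission:
            return True
        if granted == "FULL_CONTROL" and permission in IMPLIED_BY_FULL_CONTROL:
            return True
    return False

class Bucket:
    def __init__(self, owner):
        self.owner = owner
        self.acl = [(owner, "FULL_CONTROL")]
        self.objects = {}  # key -> {"size": int, "acl": [grants]}

    def put_object(self, user, key, data, canned_acl="private"):
        if not allowed(self.acl, user, "WRITE"):
            raise PermissionError("403 on PUT")
        # The new key's ACL starts from the uploader, not from the bucket ACL.
        acl = [(user, "FULL_CONTROL")]
        if canned_acl == "bucket-owner-full-control":
            if user != self.owner:
                acl.append((self.owner, "FULL_CONTROL"))
        elif canned_acl != "private":
            raise ValueError("canned ACL not modelled: " + canned_acl)
        self.objects[key] = {"size": len(data), "acl": acl}

    def list_keys(self, user):
        # Listing (key name and size) is decided by the bucket ACL alone.
        if not allowed(self.acl, user, "READ"):
            raise PermissionError("403 on LIST")
        return sorted((k, o["size"]) for k, o in self.objects.items())

    def get_object_acl(self, user, key):
        # Reading a key's ACL is decided by that key's own ACL.
        if not allowed(self.objects[key]["acl"], user, "READ_ACP"):
            raise PermissionError("403 on GET ?acl")
        return list(self.objects[key]["acl"])

def scenario():
    """Constructed scenario using the users named in the post."""
    bucket = Bucket(owner="usera")
    bucket.acl.append(("userb", "FULL_CONTROL"))
    bucket.put_object("userb", "default.txt", b"hello")
    bucket.put_object("userb", "shared.txt", b"hello!", "bucket-owner-full-control")
    return bucket
```

In this model usera can list both keys but gets a 403 on the ACL of `default.txt`; only the key uploaded with `bucket-owner-full-control` carries a grant for the bucket owner.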