On 10/1/13 11:37 AM, Fuchs, Andreas (SwissTXT) wrote:
> What we need to do is to have a key/secret with read write permission and one with read only permission to a certain bucket, is this possible? How?
Hi Andi,
Yes this is possible. You can either create accounts for the radosgw
through the radosgw-admin command on the host running radosgw proccesses
or through the API (though you will already need an key/secret setup and
allowed to access the API). For your example you can create two
accounts and set the ACLs appropriately on the bucket (and keys).
You can then use one of the S3 API wrappers (linked from the page you
referenced) to set up some permissions on the bucket. Please note
however when you upload a key into the bucket the default behavior is to
only give access to the user who uploads it (ie. the bucket permissions
do not propagate to the keys). So you will need to ensure that the keys
individually when you upload get set with the proper ACL.
# radosgw-admin user create --uid=bar --display-name="Foo Bar"
{ "user_id": "bar",
"display_name": "Foo Bar",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{ "user": "bar",
"access_key": "YLT12W6U5F0V7XNRWE1D",
"secret_key": "cUo7iRmf0IAuohlI57lUzJvxihZv05Ns2KVqTXLd"}],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"default_placement": "",
"placement_tags": []}
-derek
--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
