radosgw setting puplic ACLs fails.

Micha Krause <micha@xxxxxxxxxx> · Fri, 08 Nov 2013 14:09:59 +0100

Hi,

I'm trying to set public ACLs to an object, so that I can access the object via Web-browser.
unfortunately without success:

s3cmd setacl --acl-public s3://test/hosts
ERROR: S3 error: 403 (AccessDenied):

The radosgw log says:

x-amz-date:Fri, 08 Nov 2013 12:56:55 +0000
/test/hosts?acl
2013-11-08 13:56:55.090604 7fe3314c6700 15 calculated digest=K6fFJdBvy1YXZw0kqZ7qt6sRkzk=
2013-11-08 13:56:55.090606 7fe3314c6700 15 auth_sign=K6fFJdBvy1YXZw0kqZ7qt6sRkzk=
2013-11-08 13:56:55.090607 7fe3314c6700 15 compare=0
2013-11-08 13:56:55.090610 7fe3314c6700  2 req 60:0.000290:s3:PUT /hosts:put_acls:reading permissions
2013-11-08 13:56:55.090621 7fe3314c6700 20 get_obj_state: rctx=0xf32a50 obj=.rgw:test state=0xf21888 s->prefetch_data=0
2013-11-08 13:56:55.090630 7fe3314c6700 10 moving .rgw+test to cache LRU end
2013-11-08 13:56:55.090632 7fe3314c6700 10 cache get: name=.rgw+test : hit
2013-11-08 13:56:55.090635 7fe3314c6700 20 get_obj_state: s->obj_tag was set empty
2013-11-08 13:56:55.090637 7fe3314c6700 20 Read xattr: user.rgw.idtag
2013-11-08 13:56:55.090639 7fe3314c6700 20 Read xattr: user.rgw.manifest
2013-11-08 13:56:55.090641 7fe3314c6700 10 moving .rgw+test to cache LRU end
2013-11-08 13:56:55.090642 7fe3314c6700 10 cache get: name=.rgw+test : hit
2013-11-08 13:56:55.090650 7fe3314c6700 20 rgw_get_bucket_info: bucket instance: test(@{i=.rgw.buckets.index}.rgw.buckets[default.4212.2])
2013-11-08 13:56:55.090654 7fe3314c6700 20 reading from .rgw:.bucket.meta.test:default.4212.2
2013-11-08 13:56:55.090659 7fe3314c6700 20 get_obj_state: rctx=0xf32a50 obj=.rgw:.bucket.meta.test:default.4212.2 state=0xf39678 s->prefetch_data=0
2013-11-08 13:56:55.090663 7fe3314c6700 10 moving .rgw+.bucket.meta.test:default.4212.2 to cache LRU end
2013-11-08 13:56:55.090665 7fe3314c6700 10 cache get: name=.rgw+.bucket.meta.test:default.4212.2 : hit
2013-11-08 13:56:55.090668 7fe3314c6700 20 get_obj_state: s->obj_tag was set empty
2013-11-08 13:56:55.090670 7fe3314c6700 20 Read xattr: user.rgw.acl
2013-11-08 13:56:55.090671 7fe3314c6700 20 Read xattr: user.rgw.idtag
2013-11-08 13:56:55.090672 7fe3314c6700 20 Read xattr: user.rgw.manifest
2013-11-08 13:56:55.090674 7fe3314c6700 10 moving .rgw+.bucket.meta.test:default.4212.2 to cache LRU end
2013-11-08 13:56:55.090676 7fe3314c6700 10 cache get: name=.rgw+.bucket.meta.test:default.4212.2 : hit
2013-11-08 13:56:55.090690 7fe3314c6700 15 Read AccessControlPolicy<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID>test</ID><DisplayName>Test</DisplayName></Owner><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="CanonicalUser"><ID>test</ID><DisplayName>Test</DisplayName></Grantee><Permission>FULL_CONTROL</Permission></Grant></AccessControlList></AccessControlPolicy>
2013-11-08 13:56:55.090702 7fe3314c6700 20 get_obj_state: rctx=0xf32a50 obj=test:hosts state=0xf633e8 s->prefetch_data=0
2013-11-08 13:56:55.093871 7fe3314c6700 10 manifest: total_size = 156
2013-11-08 13:56:55.093875 7fe3314c6700 10 manifest: ofs=0 loc=test:hosts
2013-11-08 13:56:55.093876 7fe3314c6700 20 get_obj_state: setting s->obj_tag to default.4212.50
2013-11-08 13:56:55.093882 7fe3314c6700 15 Read AccessControlPolicy<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID>test</ID><DisplayName>Test</DisplayName></Owner><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="CanonicalUser"><ID>test</ID><DisplayName>Test</DisplayName></Grantee><Permission>FULL_CONTROL</Permission></Grant></AccessControlList></AccessControlPolicy>
2013-11-08 13:56:55.093889 7fe3314c6700  2 req 60:0.003568:s3:PUT /hosts:put_acls:verifying op mask
2013-11-08 13:56:55.093894 7fe3314c6700 20 required_mask= 2 user.op_mask=7
2013-11-08 13:56:55.093896 7fe3314c6700  2 req 60:0.003576:s3:PUT /hosts:put_acls:verifying op permissions
2013-11-08 13:56:55.093900 7fe3314c6700  5 Searching permissions for uid=test mask=56
2013-11-08 13:56:55.093903 7fe3314c6700  5 Found permission: 15
2013-11-08 13:56:55.093905 7fe3314c6700  5 Searching permissions for group=1 mask=56
2013-11-08 13:56:55.093907 7fe3314c6700  5 Permissions for group not found
2013-11-08 13:56:55.093909 7fe3314c6700  5 Getting permissions id=test owner=test perm=8
2013-11-08 13:56:55.093912 7fe3314c6700 10  uid=test requested perm (type)=8, policy perm=8, user_perm_mask=15, acl perm=8
2013-11-08 13:56:55.093914 7fe3314c6700  2 req 60:0.003593:s3:PUT /hosts:put_acls:verifying op params
2013-11-08 13:56:55.093916 7fe3314c6700  2 req 60:0.003596:s3:PUT /hosts:put_acls:executing
2013-11-08 13:56:55.093938 7fe3314c6700 15 read len=343 data=<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><Owner><ID /></Owner><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
2013-11-08 13:56:55.094007 7fe3314c6700 15 Old AccessControlPolicy<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/";><AccessControlList><Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
2013-11-08 13:56:55.094066 7fe3314c6700  2 req 60:0.003745:s3:PUT /hosts:put_acls:http status=403
2013-11-08 13:56:55.094209 7fe3314c6700  1 ====== req done req=0xf68e20 http_status=403 ======
2013-11-08 13:57:03.324082 7fe35d922700  2 RGWDataChangesLog::ChangesRenewThread: start
2013-11-08 13:57:25.324242 7fe35d922700  2 RGWDataChangesLog::ChangesRenewThread: start

Any ideas?

Micha Krause
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com