Derek, That's great...I am hopeful it makes it into the next release too...it will solve several issues we are having, trying to working around radosgw bucket and object permissions when there are multiple users writing files to our buckets. And with the 's3cmd setacl' failing...at this point I don't see too many other alternatives for us. Thanks again, Shain Shain Miley | Manager of Systems and Infrastructure, Digital Media | smiley@xxxxxxx | 202.513.3649 ________________________________________ From: Derek Yarnell [derek@xxxxxxxxxxxxxx] Sent: Wednesday, November 27, 2013 11:21 AM To: Shain Miley Cc: derek@xxxxxxxxxxxxxx; ceph-users Subject: Re: radosgw setting puplic ACLs fails. On 11/26/13, 3:31 PM, Shain Miley wrote: > Micha, > > Did you ever figure out a work around for this issue? > > I also had plans of using s3cmd to put, and recursively set acl's on a nightly basis...however we are getting the 403 errors as well during our testing. > > I was just wondering if you were able to find another solution. Hi, There is code[1] in the master branch (I am not sure but I hope it will make it into the next stable release, it is not in 0.72.x) that allows you defer to the bucket ACLs. defer_to_bucket_acls is the configurable which allows for two different modes. Recurse just propagates the specific bucket acls to all the keys, it does fall through to the key ACL if the bucket ACL doesn't apply. Full_control allows someone with FULL_CONTROL at the bucket level to do whatever they want to the keys (including replace the whole ACL), and again falls through to the key ACL. Note this breaks AWS S3 compatibility and is why it is a configurable. [1] - https://github.com/ceph/ceph/pull/672 Thanks, derek -- Derek T. Yarnell University of Maryland Institute for Advanced Computer Studies _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |