Re: Restrict user access per bucket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Wei,

I am bit confused about specifying the request entities while making the PUT request. Would be great if you could give some guidance.

1. I tried the above method, using aws s3 sdk for php. It is failing for putbucketacl call. my php code is given below.
 
I tried to do like this, http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.S3.S3Client.html#_putBucketAcl (with few modifications on variables mentioned on your link). But did not help. Could you provide any example on how to specify the "request entities" mentioned here: http://ceph.com/docs/master/radosgw/s3/bucketops/#put-bucket-acl
=====
<?php

require 'AWSSDKforPHP/aws.phar';

use Aws\S3\S3Client;

$client = S3Client::factory(array(
    'base_url' => "http://my_host",
    'key'    => 'xxxxx',
    'secret' => 'xxxxxxx',
));

$bucket = 'My_bucket_name';

$grantee = array( "DisplayName" => "XXXX", "ID" => "XXXX",);
$perm = array( "Grant" => "READ", );
       
$arg["AccessControlList"]= array( "ACL" => "private", );
$arg["Bucket"]= $bucket;
$arg["Grant"]= array( "Grantee"  => $grantee, "Permission"  => $perm,);
               
$result = $client->putBucketAcl($args = $arg);

============

2. I tried creating private buckets as well, using,

s3cmd -c s3cfg_file --acl-private mb s3://Test2

but other users are also able to read/write to the bucket.


Thank you,
Jaseer TK






On Tue, Dec 31, 2013 at 1:20 PM, Gao, Wei M <wei.m.gao@xxxxxxxxx> wrote:

You can set the bucket ACL or Canned_ACL. By default, only the owner can access a private bucket.

http://ceph.com/docs/master/radosgw/s3/bucketops/#put-bucket-acl

 

Best Regards

Wei

From: ceph-users-bounces@xxxxxxxxxxxxxx [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On Behalf Of hemant burman
Sent: Tuesday, December 31, 2013 2:58 PM
To: Jaseer TK; Mark Nelson
Cc: ceph-users@xxxxxxxx
Subject: Re: Restrict user access per bucket

 

Hello All,

To add to this,

 

So for radosgw, there are 2 users, the first user has access to radosgw and then 2nd one is mentioned in the keyring which accesses the mon/osds.

 

Now we want to restrict the radosgw user to a particular bucket, please help us out here if there is a way to achieve the same.

 

-Hemant

 

 

On Mon, Dec 30, 2013 at 7:49 PM, Jaseer TK <jaseer.tk@xxxxxxxxxx> wrote:

 

Hi,

I am trying out ceph storage solution in my organisation, and using radosgw+s3 client to write/read data to cluster. Is there any option with radosgw/ceph to enforce specific acl's on the buckets we create. For example I want to give a user to have write/read access to a particular bucket only.

 

Thank you,
Jaseer TK

 

_____________________________________________________________

The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

 


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



_____________________________________________________________
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux