Re: Custom ACL's are not being honoured.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hi Yehuda,

Thanks for response.

my setup is on ubuntu 12.04 servers, ceph pkg's:

========
ii  ceph                             0.72.2-1precise                   distributed storage and file system
ii  ceph-common                      0.72.2-1precise                   common utilities to mount and interact with a ceph storage cluster
ii  ceph-fs-common                   0.72.2-1precise                   common utilities to mount and interact with a ceph file system
ii  ceph-mds                         0.72.2-1precise                   metadata server for the ceph distributed file system
==========

rados version:
=====
ii  librados2                        0.72.2-1precise                     RADOS distributed object store client library
ii  radosgw                          0.72.2-1precise                     REST gateway for RADOS distributed object store
ii  radosgw-agent                    1.1-1precise    
=======


rados conf:

[client.radosgw.us-east-1]
    rgw region = us
    rgw region root pool = .us.rgw.root
    rgw zone = east-1
    rgw zone root pool = .us-east-1.rgw.root
    keyring = /etc/ceph/ceph.client.radosgw.keyring
    debug rgw = 20
    debug ms = 1
    rgw_dns_name = my_domain
    rgw socket path = /var/run/ceph/client.radosgw.us-east-1.sock
    log file = /var/log/ceph/radosgw.log
    host = my_rados_hostname


Logs while doing putacl,
=========
2014-01-08 07:01:00.364967 7f0180f5d700 10 RGWWatcher::notify() opcode=1 ver=1 bl.length()=462
2014-01-08 07:01:00.365006 7f0180f5d700 10 cache put: name=.us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1
2014-01-08 07:01:00.365013 7f0180f5d700 10 moving .us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1 to cache LRU end
2014-01-08 07:01:00.365017 7f0180f5d700 10 appending xattr: name=user.rgw.acl bl.length()=150
2014-01-08 07:01:01.501663 7f016bfff700  2 RGWDataChangesLog::ChangesRenewThread: start
==========

No
rgw logs when doing s3cmd del.

I am using http://undesigned.org.za/2007/10/22/amazon-s3-php-class/ with minor modifications to use with rados s3 interface.
getacl  shows my acl is applied. But user is still able to delete. Please let me know if you want me to share my php code for getacl and putacl.




--
Thank you,
Jaseer TK








On Tue, Jan 7, 2014 at 9:30 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
On Tue, Jan 7, 2014 at 2:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>
> Hi all,
>
> I tried to apply custom ACL(only Read) on an s3 bucket created. The rules
> seems to have got applied. But it looks the ACL's not getting honored.
>
> when I use getacl, I get the result.
> =======
>
> Array
> (
>     [0] => Array
>         (
>             [Grantee] => Array
>                 (
>                     [ID] => test-user
>                     [DisplayName] => Test User
>                 )
>
>             [Permission] => READ
>         )
>
> )
>
>
> But Still this user is able to delete files from the bucket :(
>
> Am I missing something here ?
>
>
What version are you running? Just tried it with dumpling and it
worked ok. Can you provide rgw logs for it? (acl setting + removal;
set 'debug rgw = 20' and 'debug ms = 1').

Thanks,
Yehuda


_____________________________________________________________
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux