Re: Custom ACL's are not being honoured.

Thanks Yehuda,

But I am seeing only this much in the logs with the log options we set. I'll try once again and update you.

Do you think any global parameter (like region/zone settings or user's privileges) could be causing these buckets to be writable by all users?

Thank you,
Jaseer TK





On Wed, Jan 8, 2014 at 10:27 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
On Tue, Jan 7, 2014 at 11:16 PM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>
> Hi Yehuda,
>
> Thanks for response.
>
> my setup is on ubuntu 12.04 servers, ceph pkg's:
>
> ========
> ii  ceph                             0.72.2-1precise    distributed storage and file system
> ii  ceph-common                      0.72.2-1precise    common utilities to mount and interact with a ceph storage cluster
> ii  ceph-fs-common                   0.72.2-1precise    common utilities to mount and interact with a ceph file system
> ii  ceph-mds                         0.72.2-1precise    metadata server for the ceph distributed file system
> ==========
>
> rados version:
> =====
> ii  librados2                        0.72.2-1precise    RADOS distributed object store client library
> ii  radosgw                          0.72.2-1precise    REST gateway for RADOS distributed object store
> ii  radosgw-agent                    1.1-1precise
> =======
>
>
> rados conf:
>
> [client.radosgw.us-east-1]
>     rgw region = us
>     rgw region root pool = .us.rgw.root
>     rgw zone = east-1
>     rgw zone root pool = .us-east-1.rgw.root
>     keyring = /etc/ceph/ceph.client.radosgw.keyring
>     debug rgw = 20
>     debug ms = 1
>     rgw_dns_name = my_domain
>     rgw socket path = /var/run/ceph/client.radosgw.us-east-1.sock
>     log file = /var/log/ceph/radosgw.log
>     host = my_rados_hostname
>
>
> Logs while doing putacl,
> =========
> 2014-01-08 07:01:00.364967 7f0180f5d700 10 RGWWatcher::notify() opcode=1 ver=1 bl.length()=462
> 2014-01-08 07:01:00.365006 7f0180f5d700 10 cache put: name=.us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1
> 2014-01-08 07:01:00.365013 7f0180f5d700 10 moving .us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1 to cache LRU end
> 2014-01-08 07:01:00.365017 7f0180f5d700 10 appending xattr: name=user.rgw.acl bl.length()=150
> 2014-01-08 07:01:01.501663 7f016bfff700  2 RGWDataChangesLog::ChangesRenewThread: start
> ==========

These aren't very thorough logs, looks like a very small snippet. Is
that all you're getting?


>
> No rgw logs when doing s3cmd del.
>
> I am using http://undesigned.org.za/2007/10/22/amazon-s3-php-class/ with
> minor modifications to use with rados s3 interface.
> getacl  shows my acl is applied. But user is still able to delete. Please
> let me know if you want me to share my php code for getacl and putacl.
>
>
>
>
> --
> Thank you,
> Jaseer TK
>
> On Tue, Jan 7, 2014 at 9:30 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
>>
>> On Tue, Jan 7, 2014 at 2:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>> >
>> > Hi all,
>> >
>> > I tried to apply custom ACL (only Read) on an s3 bucket created. The rules
>> > seem to have got applied. But it looks like the ACLs are not getting honored.
>> >
>> > when I use getacl, I get the result.
>> > =======
>> >
>> > Array
>> > (
>> >     [0] => Array
>> >         (
>> >             [Grantee] => Array
>> >                 (
>> >                     [ID] => test-user
>> >                     [DisplayName] => Test User
>> >                 )
>> >
>> >             [Permission] => READ
>> >         )
>> >
>> > )
>> >
>> >
>> > But Still this user is able to delete files from the bucket :(
>> >
>> > Am I missing something here ?
>> >
>> >
>> What version are you running? Just tried it with dumpling and it
>> worked ok. Can you provide rgw logs for it? (acl setting + removal;
>> set 'debug rgw = 20' and 'debug ms = 1').
>>
>> Thanks,
>> Yehuda
>


_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
