Re: Custom ACL's are not being honoured.

On Wed, Jan 8, 2014 at 9:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>
> Thanks Yehuda,
>
> But I am seeing only this much in the logs with the log options we set. I'll
> try once again and update you.

There should be much more.

>
> Do you think any global parameter (like region/zone settings or user's
> privileges) could be causing these buckets to be writable by all users?
>

At the moment it looks like all users are actually mapping to the same
user, or something along that line. It is not highly unlikely that
misconfiguration caused it.

Yehuda


> Thank you,
> Jaseer TK
>
>
>
>
>
> On Wed, Jan 8, 2014 at 10:27 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
>>
>> On Tue, Jan 7, 2014 at 11:16 PM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>> >
>> > Hi Yehuda,
>> >
>> > Thanks for response.
>> >
>> > my setup is on ubuntu 12.04 servers, ceph pkg's:
>> >
>> > ========
>> > ii  ceph                             0.72.2-1precise   distributed storage and file system
>> > ii  ceph-common                      0.72.2-1precise   common utilities to mount and interact with a ceph storage cluster
>> > ii  ceph-fs-common                   0.72.2-1precise   common utilities to mount and interact with a ceph file system
>> > ii  ceph-mds                         0.72.2-1precise   metadata server for the ceph distributed file system
>> > ==========
>> >
>> > rados version:
>> > =====
>> > ii  librados2                        0.72.2-1precise   RADOS distributed object store client library
>> > ii  radosgw                          0.72.2-1precise   REST gateway for RADOS distributed object store
>> > ii  radosgw-agent                    1.1-1precise
>> > =======
>> >
>> >
>> > rados conf:
>> >
>> > [client.radosgw.us-east-1]
>> >     rgw region = us
>> >     rgw region root pool = .us.rgw.root
>> >     rgw zone = east-1
>> >     rgw zone root pool = .us-east-1.rgw.root
>> >     keyring = /etc/ceph/ceph.client.radosgw.keyring
>> >     debug rgw = 20
>> >     debug ms = 1
>> >     rgw_dns_name = my_domain
>> >     rgw socket path = /var/run/ceph/client.radosgw.us-east-1.sock
>> >     log file = /var/log/ceph/radosgw.log
>> >     host = my_rados_hostname
>> >
>> >
>> > Logs while doing putacl,
>> > =========
>> > 2014-01-08 07:01:00.364967 7f0180f5d700 10 RGWWatcher::notify() opcode=1 ver=1 bl.length()=462
>> > 2014-01-08 07:01:00.365006 7f0180f5d700 10 cache put: name=.us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1
>> > 2014-01-08 07:01:00.365013 7f0180f5d700 10 moving .us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1 to cache LRU end
>> > 2014-01-08 07:01:00.365017 7f0180f5d700 10 appending xattr: name=user.rgw.acl bl.length()=150
>> > 2014-01-08 07:01:01.501663 7f016bfff700  2 RGWDataChangesLog::ChangesRenewThread: start
>> > ==========
>>
>> These aren't very thorough logs, looks like a very small snippet. Is
>> that all you're getting?
>>
>>
>> >
>> > No rgw logs when doing s3cmd del.
>> >
>> > I am using http://undesigned.org.za/2007/10/22/amazon-s3-php-class/ with
>> > minor modifications to use with rados s3 interface.
>> > getacl shows my acl is applied. But user is still able to delete.
>> > Please let me know if you want me to share my php code for getacl and
>> > putacl.
>> >
>> >
>> >
>> >
>> > --
>> > Thank you,
>> > Jaseer TK
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Tue, Jan 7, 2014 at 9:30 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
>> >>
>> >> On Tue, Jan 7, 2014 at 2:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>> >> >
>> >> > Hi all,
>> >> >
>> >> > I tried to apply a custom ACL (only Read) on an s3 bucket created.
>> >> > The rules seem to have been applied. But it looks like the ACLs are
>> >> > not being honored.
>> >> >
>> >> > when I use getacl, I get the result.
>> >> > =======
>> >> >
>> >> > Array
>> >> > (
>> >> >     [0] => Array
>> >> >         (
>> >> >             [Grantee] => Array
>> >> >                 (
>> >> >                     [ID] => test-user
>> >> >                     [DisplayName] => Test User
>> >> >                 )
>> >> >
>> >> >             [Permission] => READ
>> >> >         )
>> >> >
>> >> > )
>> >> >
>> >> >
>> >> > But still this user is able to delete files from the bucket :(
>> >> >
>> >> > Am I missing something here ?
>> >> >
>> >> >
>> >> What version are you running? Just tried it with dumpling and it
>> >> worked ok. Can you provide rgw logs for it? (acl setting + removal;
>> >> set 'debug rgw = 20' and 'debug ms = 1').
>> >>
>> >> Thanks,
>> >> Yehuda
>> >
>> >
>> >
>> > _____________________________________________________________
>> > The information contained in this communication is intended solely for
>> > the use of the individual or entity to whom it is addressed and others
>> > authorized to receive it. It may contain confidential or legally
>> > privileged information. If you are not the intended recipient you are
>> > hereby notified that any disclosure, copying, distribution or taking
>> > any action in reliance on the contents of this information is strictly
>> > prohibited and may be unlawful. If you have received this communication
>> > in error, please notify us immediately by responding to this email and
>> > then delete it from your system. The firm is neither liable for the
>> > proper and complete transmission of the information contained in this
>> > communication nor for any delay in its receipt.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
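
An added example, not part of the thread or of Ceph's code: under the S3 ACL model, deleting an object needs WRITE on the bucket, so a grantee holding only READ should be refused, and a delete that still succeeds means the request was evaluated as a different identity, which is what the reply above suggests. The XML is constructed to match the getacl output in the thread; the owner ID `bucket-owner` is a placeholder, and treating the owner as always allowed is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Constructed AccessControlPolicy mirroring the getacl output in the thread.
# "bucket-owner" is a placeholder owner ID, not a value from the thread.
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>bucket-owner</ID><DisplayName>Bucket Owner</DisplayName></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>test-user</ID><DisplayName>Test User</DisplayName>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>"""

# FULL_CONTROL expands to the four basic permissions.
IMPLIES = {"FULL_CONTROL": {"READ", "WRITE", "READ_ACP", "WRITE_ACP"}}

def parse_acl(xml_text):
    """Return (owner_id, {grantee: permissions}); groups are keyed by URI."""
    root = ET.fromstring(xml_text)
    owner = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    grants = {}
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        grantee = grant.find("s3:Grantee", NS)
        tag = "s3:URI" if grantee.get(XSI_TYPE) == "Group" else "s3:ID"
        who = grantee.findtext(tag, namespaces=NS)
        perm = grant.findtext("s3:Permission", namespaces=NS)
        grants.setdefault(who, set()).update(IMPLIES.get(perm, {perm}))
    return owner, grants

def may_delete(xml_text, requester_id):
    """Object deletion needs WRITE on the bucket (owner assumed always allowed)."""
    owner, grants = parse_acl(xml_text)
    if requester_id == owner:
        return True
    return any("WRITE" in grants.get(who, set()) for who in (requester_id, ALL_USERS))

def identities_able_to_delete(xml_text):
    """Everyone a successful delete could have been authenticated as."""
    owner, grants = parse_acl(xml_text)
    return sorted({owner} | {who for who, perms in grants.items() if "WRITE" in perms})
```

If `identities_able_to_delete` returns only the owner and a delete issued with the grantee's keys still succeeds, check which user those keys belong to on the gateway.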