Re: Custom ACL's are not being honoured.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Thanks a lot Yahuda ! I didnt understand the meaning of "--system" while creating users !

Now I created a non-system user, apart from giving READ permission to new user using putacl, Should I add this user in to the zone configuration or add as a subuser under the system user  ?


Thank you,




On Wed, Jan 8, 2014 at 11:57 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
Try
$ radosgw-admin user modify --uid=jaseer --system=false

Users should not be created with the system flag by default.

On Wed, Jan 8, 2014 at 10:24 AM, hemant burman <hemant.burman@xxxxxxxxx> wrote:
> Thanks a lot Yehuda for pointing that out, so how should we create a
> non-system user and also how should we remove the system flag from a user?
>
> -Hemant
>
>
> On Wed, Jan 8, 2014 at 11:44 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx> wrote:
>>
>> Well, user jaseer has the 'system' flag set so it acts like a super user.
>>
>> On Wed, Jan 8, 2014 at 10:09 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>> >
>> > You were right. Sorry for the misdirection.
>> >
>> > logs for getacl:
>> > ================
>> > 2014-01-08 17:58:37.228949 7faae2d93780 20 enqueued request
>> > req=0x2182c90
>> > 2014-01-08 17:58:37.228968 7faae2d93780 20 RGWWQ:
>> > 2014-01-08 17:58:37.228970 7faae2d93780 20 req: 0x2182c90
>> > 2014-01-08 17:58:37.228976 7faae2d93780 10 allocated request
>> > req=0x21829b0
>> > 2014-01-08 17:58:37.228999 7faa4ffdf700 20 dequeued request
>> > req=0x2182c90
>> > 2014-01-08 17:58:37.229009 7faa4ffdf700 20 RGWWQ: empty
>> > 2014-01-08 17:58:37.229015 7faa4ffdf700  1 ====== starting new request
>> > req=0x2182c90 =====
>> > 2014-01-08 17:58:37.229069 7faa4ffdf700  2 req 21:0.000054::GET
>> > /Test3::initializing
>> > 2014-01-08 17:58:37.229076 7faa4ffdf700 10 host=isp.inmobi.com
>> > rgw_dns_name=isp.inmobi.com
>> > 2014-01-08 17:58:37.229106 7faa4ffdf700 10 s->object=<NULL>
>> > s->bucket=Test3
>> > 2014-01-08 17:58:37.229112 7faa4ffdf700 20 FCGI_ROLE=RESPONDER
>> > 2014-01-08 17:58:37.229113 7faa4ffdf700 20 SCRIPT_URL=/Test3
>> > 2014-01-08 17:58:37.229114 7faa4ffdf700 20
>> > SCRIPT_URI=http://isp.inmobi.com/Test3
>> > 2014-01-08 17:58:37.229115 7faa4ffdf700 20 HTTP_AUTHORIZATION=AWS
>> > RDDGMHRBXJN6HY3BOEO7:5Dl428zBfcGMrNknuT6VwIFkYnE=
>> > 2014-01-08 17:58:37.229116 7faa4ffdf700 20 HTTP_HOST=isp.inmobi.com
>> > 2014-01-08 17:58:37.229117 7faa4ffdf700 20
>> > HTTP_USER_AGENT=aws-sdk-php2/2.1.0 Guzzle/3.1.2 curl/7.19.7
>> > PHP/5.3.2-1ubuntu4.22
>> > 2014-01-08 17:58:37.229119 7faa4ffdf700 20 HTTP_DATE=Wed, 08 Jan 2014
>> > 17:58:36 +0000
>> > 2014-01-08 17:58:37.229120 7faa4ffdf700 20
>> > PATH=/usr/local/bin:/usr/bin:/bin
>> > 2014-01-08 17:58:37.229120 7faa4ffdf700 20 SERVER_SIGNATURE=
>> > 2014-01-08 17:58:37.229121 7faa4ffdf700 20 SERVER_SOFTWARE=Apache/2.2.22
>> > (Ubuntu)
>> > 2014-01-08 17:58:37.229121 7faa4ffdf700 20 SERVER_NAME=isp.inmobi.com
>> > 2014-01-08 17:58:37.229122 7faa4ffdf700 20 SERVER_ADDR=10.2.4.203
>> > 2014-01-08 17:58:37.229122 7faa4ffdf700 20 SERVER_PORT=80
>> > 2014-01-08 17:58:37.229123 7faa4ffdf700 20 REMOTE_ADDR=10.14.100.34
>> > 2014-01-08 17:58:37.229124 7faa4ffdf700 20 DOCUMENT_ROOT=/var/www
>> > 2014-01-08 17:58:37.229124 7faa4ffdf700 20
>> > SERVER_ADMIN=app-ops@xxxxxxxxxx
>> > 2014-01-08 17:58:37.229125 7faa4ffdf700 20
>> > SCRIPT_FILENAME=/var/www/s3gw.fcgi
>> > 2014-01-08 17:58:37.229125 7faa4ffdf700 20 REMOTE_PORT=50682
>> > 2014-01-08 17:58:37.229126 7faa4ffdf700 20 GATEWAY_INTERFACE=CGI/1.1
>> > 2014-01-08 17:58:37.229126 7faa4ffdf700 20 SERVER_PROTOCOL=HTTP/1.1
>> > 2014-01-08 17:58:37.229127 7faa4ffdf700 20 REQUEST_METHOD=GET
>> > 2014-01-08 17:58:37.229127 7faa4ffdf700 20
>> > QUERY_STRING=page=Test3&params=&acl
>> > 2014-01-08 17:58:37.229128 7faa4ffdf700 20 REQUEST_URI=/Test3?acl
>> > 2014-01-08 17:58:37.229129 7faa4ffdf700 20 SCRIPT_NAME=/Test3
>> > 2014-01-08 17:58:37.229130 7faa4ffdf700  2 req 21:0.000115:s3:GET
>> > /Test3::getting op
>> > 2014-01-08 17:58:37.229134 7faa4ffdf700  2 req 21:0.000119:s3:GET
>> > /Test3:get_acls:authorizing
>> > 2014-01-08 17:58:37.229156 7faa4ffdf700 20 get_obj_state:
>> > rctx=0x7fa9b4004670 obj=.us-east-1.users:RDDGMHRBXJN6HY3BOEO7
>> > state=0x7fa9b4004738 s->prefetch_data=0
>> > 2014-01-08 17:58:37.229166 7faa4ffdf700 10 moving
>> > .us-east-1.users+RDDGMHRBXJN6HY3BOEO7 to cache LRU end
>> > 2014-01-08 17:58:37.229169 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.users+RDDGMHRBXJN6HY3BOEO7 : hit
>> > 2014-01-08 17:58:37.229177 7faa4ffdf700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 17:58:37.229182 7faa4ffdf700 10 moving
>> > .us-east-1.users+RDDGMHRBXJN6HY3BOEO7 to cache LRU end
>> > 2014-01-08 17:58:37.229184 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.users+RDDGMHRBXJN6HY3BOEO7 : hit
>> > 2014-01-08 17:58:37.229199 7faa4ffdf700 20 get_obj_state:
>> > rctx=0x7fa9b4004a50 obj=.us-east-1.users.uid:app-ops
>> > state=0x7fa9b4004738
>> > s->prefetch_data=0
>> > 2014-01-08 17:58:37.229206 7faa4ffdf700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 17:58:37.229208 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 17:58:37.229212 7faa4ffdf700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 17:58:37.229215 7faa4ffdf700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 17:58:37.229216 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 17:58:37.229264 7faa4ffdf700 10 get_canon_resource():
>> > dest=/Test3?acl
>> > 2014-01-08 17:58:37.229267 7faa4ffdf700 10 auth_hdr:
>> > GET
>> >
>> >
>> > Wed, 08 Jan 2014 17:58:36 +0000
>> > /Test3?acl
>> > 2014-01-08 17:58:37.229330 7faa4ffdf700 15 calculated
>> > digest=5Dl428zBfcGMrNknuT6VwIFkYnE=
>> > 2014-01-08 17:58:37.229332 7faa4ffdf700 15
>> > auth_sign=5Dl428zBfcGMrNknuT6VwIFkYnE=
>> > 2014-01-08 17:58:37.229333 7faa4ffdf700 15 compare=0
>> > 2014-01-08 17:58:37.229335 7faa4ffdf700 20 system request
>> > 2014-01-08 17:58:37.229338 7faa4ffdf700  2 req 21:0.000323:s3:GET
>> > /Test3:get_acls:reading permissions
>> > 2014-01-08 17:58:37.229349 7faa4ffdf700 20 get_obj_state:
>> > rctx=0x7fa9b4000ee0 obj=.us-east-1.rgw:Test3 state=0x7fa9b40062c8
>> > s->prefetch_data=0
>> > 2014-01-08 17:58:37.229356 7faa4ffdf700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 17:58:37.229357 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 17:58:37.229360 7faa4ffdf700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 17:58:37.229363 7faa4ffdf700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 17:58:37.229363 7faa4ffdf700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 17:58:37.229366 7faa4ffdf700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 17:58:37.229366 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 17:58:37.229374 7faa4ffdf700 20 rgw_get_bucket_info: bucket
>> > instance:
>> >
>> > Test3(@{i=.us-east-1.rgw.buckets.index}.us-east-1.rgw.buckets[east-1.8607.1])
>> > 2014-01-08 17:58:37.229379 7faa4ffdf700 20 reading from
>> > .us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > 2014-01-08 17:58:37.229383 7faa4ffdf700 20 get_obj_state:
>> > rctx=0x7fa9b4000ee0 obj=.us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > state=0x7fa9b4006ff8 s->prefetch_data=0
>> > 2014-01-08 17:58:37.229388 7faa4ffdf700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 17:58:37.229389 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 17:58:37.229394 7faa4ffdf700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 17:58:37.229396 7faa4ffdf700 20 Read xattr: user.rgw.acl
>> > 2014-01-08 17:58:37.229397 7faa4ffdf700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 17:58:37.229397 7faa4ffdf700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 17:58:37.229399 7faa4ffdf700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 17:58:37.229400 7faa4ffdf700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 17:58:37.229423 7faa4ffdf700 15 Read
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 17:58:37.229436 7faa4ffdf700 15 Read
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 17:58:37.229441 7faa4ffdf700  2 req 21:0.000426:s3:GET
>> > /Test3:get_acls:init op
>> > 2014-01-08 17:58:37.229444 7faa4ffdf700  2 req 21:0.000429:s3:GET
>> > /Test3:get_acls:verifying op mask
>> > 2014-01-08 17:58:37.229446 7faa4ffdf700 20 required_mask= 1
>> > user.op_mask=7
>> > 2014-01-08 17:58:37.229448 7faa4ffdf700  2 req 21:0.000432:s3:GET
>> > /Test3:get_acls:verifying op permissions
>> > 2014-01-08 17:58:37.229450 7faa4ffdf700  5 Searching permissions for
>> > uid=app-ops mask=52
>> > 2014-01-08 17:58:37.229452 7faa4ffdf700  5 Permissions for user not
>> > found
>> > 2014-01-08 17:58:37.229453 7faa4ffdf700  5 Searching permissions for
>> > group=1
>> > mask=52
>> > 2014-01-08 17:58:37.229454 7faa4ffdf700  5 Permissions for group not
>> > found
>> > 2014-01-08 17:58:37.229455 7faa4ffdf700  5 Searching permissions for
>> > group=2
>> > mask=52
>> > 2014-01-08 17:58:37.229456 7faa4ffdf700  5 Permissions for group not
>> > found
>> > 2014-01-08 17:58:37.229456 7faa4ffdf700  5 Getting permissions
>> > id=app-ops
>> > owner=app-ops perm=4
>> > 2014-01-08 17:58:37.229457 7faa4ffdf700 10  uid=app-ops requested perm
>> > (type)=4, policy perm=4, user_perm_mask=4, acl perm=4
>> > 2014-01-08 17:58:37.229459 7faa4ffdf700  2 req 21:0.000444:s3:GET
>> > /Test3:get_acls:verifying op params
>> > 2014-01-08 17:58:37.229460 7faa4ffdf700  2 req 21:0.000445:s3:GET
>> > /Test3:get_acls:executing
>> > 2014-01-08 17:58:37.229480 7faa4ffdf700  2 req 21:0.000465:s3:GET
>> > /Test3:get_acls:http status=200
>> > 2014-01-08 17:58:37.229658 7faa4ffdf700  1 ====== req done req=0x2182c90
>> > http_status=200 ======
>> >
>> >
>> > ==============
>> >
>> >
>> >
>> > Logs for putacl:
>> > ===============
>> >
>> > 2014-01-08 18:00:35.160860 7faae2d93780 20 enqueued request
>> > req=0x21829b0
>> > 2014-01-08 18:00:35.160884 7faae2d93780 20 RGWWQ:
>> > 2014-01-08 18:00:35.160887 7faae2d93780 20 req: 0x21829b0
>> > 2014-01-08 18:00:35.160956 7faae2d93780 10 allocated request
>> > req=0x2132c60
>> > 2014-01-08 18:00:35.161006 7faa67fff700 20 dequeued request
>> > req=0x21829b0
>> > 2014-01-08 18:00:35.161023 7faa67fff700 20 RGWWQ: empty
>> > 2014-01-08 18:00:35.161033 7faa67fff700  1 ====== starting new request
>> > req=0x21829b0 =====
>> > 2014-01-08 18:00:35.161114 7faa67fff700  2 req 22:0.000082::PUT
>> > /Test3::initializing
>> > 2014-01-08 18:00:35.161123 7faa67fff700 10 host=isp.inmobi.com
>> > rgw_dns_name=isp.inmobi.com
>> > 2014-01-08 18:00:35.161161 7faa67fff700 10 s->object=<NULL>
>> > s->bucket=Test3
>> > 2014-01-08 18:00:35.161174 7faa67fff700 20 FCGI_ROLE=RESPONDER
>> > 2014-01-08 18:00:35.161176 7faa67fff700 20 SCRIPT_URL=/Test3
>> > 2014-01-08 18:00:35.161177 7faa67fff700 20
>> > SCRIPT_URI=http://isp.inmobi.com/Test3
>> > 2014-01-08 18:00:35.161177 7faa67fff700 20 HTTP_AUTHORIZATION=AWS
>> > RDDGMHRBXJN6HY3BOEO7:N0+TC4Kr2N45xKKxUZkCyHpgQ74=
>> > 2014-01-08 18:00:35.161178 7faa67fff700 20 HTTP_USER_AGENT=S3/php
>> > 2014-01-08 18:00:35.161179 7faa67fff700 20 HTTP_ACCEPT=*/*
>> > 2014-01-08 18:00:35.161179 7faa67fff700 20 HTTP_HOST=isp.inmobi.com
>> > 2014-01-08 18:00:35.161180 7faa67fff700 20 HTTP_DATE=Wed, 08 Jan 2014
>> > 18:00:34 GMT
>> > 2014-01-08 18:00:35.161181 7faa67fff700 20 CONTENT_TYPE=application/xml
>> > 2014-01-08 18:00:35.161181 7faa67fff700 20 CONTENT_LENGTH=447
>> > 2014-01-08 18:00:35.161182 7faa67fff700 20
>> > PATH=/usr/local/bin:/usr/bin:/bin
>> > 2014-01-08 18:00:35.161183 7faa67fff700 20 SERVER_SIGNATURE=
>> > 2014-01-08 18:00:35.161183 7faa67fff700 20 SERVER_SOFTWARE=Apache/2.2.22
>> > (Ubuntu)
>> > 2014-01-08 18:00:35.161184 7faa67fff700 20 SERVER_NAME=isp.inmobi.com
>> > 2014-01-08 18:00:35.161185 7faa67fff700 20 SERVER_ADDR=10.2.4.203
>> > 2014-01-08 18:00:35.161185 7faa67fff700 20 SERVER_PORT=80
>> > 2014-01-08 18:00:35.161186 7faa67fff700 20 REMOTE_ADDR=10.14.100.34
>> > 2014-01-08 18:00:35.161187 7faa67fff700 20 DOCUMENT_ROOT=/var/www
>> > 2014-01-08 18:00:35.161187 7faa67fff700 20
>> > SERVER_ADMIN=app-ops@xxxxxxxxxx
>> > 2014-01-08 18:00:35.161188 7faa67fff700 20
>> > SCRIPT_FILENAME=/var/www/s3gw.fcgi
>> > 2014-01-08 18:00:35.161188 7faa67fff700 20 REMOTE_PORT=50702
>> > 2014-01-08 18:00:35.161189 7faa67fff700 20 GATEWAY_INTERFACE=CGI/1.1
>> > 2014-01-08 18:00:35.161189 7faa67fff700 20 SERVER_PROTOCOL=HTTP/1.1
>> > 2014-01-08 18:00:35.161190 7faa67fff700 20 REQUEST_METHOD=PUT
>> > 2014-01-08 18:00:35.161190 7faa67fff700 20
>> > QUERY_STRING=page=Test3&params=&acl
>> > 2014-01-08 18:00:35.161191 7faa67fff700 20 REQUEST_URI=/Test3?acl
>> > 2014-01-08 18:00:35.161191 7faa67fff700 20 SCRIPT_NAME=/Test3
>> > 2014-01-08 18:00:35.161192 7faa67fff700  2 req 22:0.000160:s3:PUT
>> > /Test3::getting op
>> > 2014-01-08 18:00:35.161195 7faa67fff700  2 req 22:0.000163:s3:PUT
>> > /Test3:put_acls:authorizing
>> > 2014-01-08 18:00:35.161214 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa20005110 obj=.us-east-1.users:RDDGMHRBXJN6HY3BOEO7
>> > state=0x7faa200051d8 s->prefetch_data=0
>> > 2014-01-08 18:00:35.161224 7faa67fff700 10 moving
>> > .us-east-1.users+RDDGMHRBXJN6HY3BOEO7 to cache LRU end
>> > 2014-01-08 18:00:35.161227 7faa67fff700 10 cache get:
>> > name=.us-east-1.users+RDDGMHRBXJN6HY3BOEO7 : hit
>> > 2014-01-08 18:00:35.161233 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161238 7faa67fff700 10 moving
>> > .us-east-1.users+RDDGMHRBXJN6HY3BOEO7 to cache LRU end
>> > 2014-01-08 18:00:35.161239 7faa67fff700 10 cache get:
>> > name=.us-east-1.users+RDDGMHRBXJN6HY3BOEO7 : hit
>> > 2014-01-08 18:00:35.161252 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa20005300 obj=.us-east-1.users.uid:app-ops
>> > state=0x7faa20005948
>> > s->prefetch_data=0
>> > 2014-01-08 18:00:35.161260 7faa67fff700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 18:00:35.161262 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 18:00:35.161265 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161268 7faa67fff700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 18:00:35.161269 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 18:00:35.161304 7faa67fff700 10 get_canon_resource():
>> > dest=/Test3?acl
>> > 2014-01-08 18:00:35.161306 7faa67fff700 10 auth_hdr:
>> > PUT
>> >
>> > application/xml
>> > Wed, 08 Jan 2014 18:00:34 GMT
>> > /Test3?acl
>> > 2014-01-08 18:00:35.161373 7faa67fff700 15 calculated
>> > digest=N0+TC4Kr2N45xKKxUZkCyHpgQ74=
>> > 2014-01-08 18:00:35.161375 7faa67fff700 15
>> > auth_sign=N0+TC4Kr2N45xKKxUZkCyHpgQ74=
>> > 2014-01-08 18:00:35.161376 7faa67fff700 15 compare=0
>> > 2014-01-08 18:00:35.161377 7faa67fff700 20 system request
>> > 2014-01-08 18:00:35.161381 7faa67fff700  2 req 22:0.000348:s3:PUT
>> > /Test3:put_acls:reading permissions
>> > 2014-01-08 18:00:35.161391 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa20000ee0 obj=.us-east-1.rgw:Test3 state=0x7faa20006a78
>> > s->prefetch_data=0
>> > 2014-01-08 18:00:35.161397 7faa67fff700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 18:00:35.161399 7faa67fff700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 18:00:35.161403 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161404 7faa67fff700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 18:00:35.161405 7faa67fff700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 18:00:35.161407 7faa67fff700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 18:00:35.161408 7faa67fff700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 18:00:35.161462 7faa67fff700 20 rgw_get_bucket_info: bucket
>> > instance:
>> >
>> > Test3(@{i=.us-east-1.rgw.buckets.index}.us-east-1.rgw.buckets[east-1.8607.1])
>> > 2014-01-08 18:00:35.161547 7faa67fff700 20 reading from
>> > .us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > 2014-01-08 18:00:35.161551 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa20000ee0 obj=.us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > state=0x7faa200076f8 s->prefetch_data=0
>> > 2014-01-08 18:00:35.161557 7faa67fff700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:00:35.161559 7faa67fff700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 18:00:35.161564 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161565 7faa67fff700 20 Read xattr: user.rgw.acl
>> > 2014-01-08 18:00:35.161567 7faa67fff700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 18:00:35.161568 7faa67fff700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 18:00:35.161570 7faa67fff700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:00:35.161572 7faa67fff700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 18:00:35.161592 7faa67fff700 15 Read
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 18:00:35.161604 7faa67fff700 15 Read
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 18:00:35.161610 7faa67fff700  2 req 22:0.000578:s3:PUT
>> > /Test3:put_acls:init op
>> > 2014-01-08 18:00:35.161613 7faa67fff700  2 req 22:0.000581:s3:PUT
>> > /Test3:put_acls:verifying op mask
>> > 2014-01-08 18:00:35.161615 7faa67fff700 20 required_mask= 2
>> > user.op_mask=7
>> > 2014-01-08 18:00:35.161616 7faa67fff700  2 req 22:0.000584:s3:PUT
>> > /Test3:put_acls:verifying op permissions
>> > 2014-01-08 18:00:35.161619 7faa67fff700  5 Searching permissions for
>> > uid=app-ops mask=56
>> > 2014-01-08 18:00:35.161620 7faa67fff700  5 Permissions for user not
>> > found
>> > 2014-01-08 18:00:35.161621 7faa67fff700  5 Searching permissions for
>> > group=1
>> > mask=56
>> > 2014-01-08 18:00:35.161622 7faa67fff700  5 Permissions for group not
>> > found
>> > 2014-01-08 18:00:35.161623 7faa67fff700  5 Searching permissions for
>> > group=2
>> > mask=56
>> > 2014-01-08 18:00:35.161624 7faa67fff700  5 Permissions for group not
>> > found
>> > 2014-01-08 18:00:35.161625 7faa67fff700  5 Getting permissions
>> > id=app-ops
>> > owner=app-ops perm=8
>> > 2014-01-08 18:00:35.161626 7faa67fff700 10  uid=app-ops requested perm
>> > (type)=8, policy perm=8, user_perm_mask=8, acl perm=8
>> > 2014-01-08 18:00:35.161627 7faa67fff700  2 req 22:0.000595:s3:PUT
>> > /Test3:put_acls:verifying op params
>> > 2014-01-08 18:00:35.161629 7faa67fff700  2 req 22:0.000597:s3:PUT
>> > /Test3:put_acls:executing
>> > 2014-01-08 18:00:35.161641 7faa67fff700 15 read len=447 data=""> >> > version="1.0"?>
>> > <AccessControlPolicy>
>> >   <Owner>
>> >     <ID>app-ops</ID>
>> >     <DisplayName>Region-US Zone-East</DisplayName>
>> >   </Owner>
>> >   <AccessControlList>
>> >     <Grant>
>> >       <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser">
>> >         <ID>jaseer</ID>
>> >         <DisplayName>Jaseer TK</DisplayName>
>> >       </Grantee>
>> >       <Permission>READ</Permission>
>> >     </Grant>
>> >   </AccessControlList>
>> > </AccessControlPolicy>
>> >
>> > 2014-01-08 18:00:35.161701 7faa67fff700 15 Old
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 18:00:35.161712 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa2000d9b0 obj=.us-east-1.users.uid:app-ops
>> > state=0x7faa2000dd68
>> > s->prefetch_data=0
>> > 2014-01-08 18:00:35.161718 7faa67fff700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 18:00:35.161723 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 18:00:35.161726 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161730 7faa67fff700 10 moving
>> > .us-east-1.users.uid+app-ops to cache LRU end
>> > 2014-01-08 18:00:35.161731 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+app-ops : hit
>> > 2014-01-08 18:00:35.161744 7faa67fff700 20 owner id=app-ops
>> > 2014-01-08 18:00:35.161746 7faa67fff700 20 dest owner id=app-ops
>> > 2014-01-08 18:00:35.161750 7faa67fff700 20 get_obj_state:
>> > rctx=0x7faa2000e1a0 obj=.us-east-1.users.uid:jaseer state=0x7faa2000e668
>> > s->prefetch_data=0
>> > 2014-01-08 18:00:35.161755 7faa67fff700 10 moving
>> > .us-east-1.users.uid+jaseer to cache LRU end
>> > 2014-01-08 18:00:35.161756 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+jaseer : hit
>> > 2014-01-08 18:00:35.161759 7faa67fff700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:00:35.161762 7faa67fff700 10 moving
>> > .us-east-1.users.uid+jaseer to cache LRU end
>> > 2014-01-08 18:00:35.161763 7faa67fff700 10 cache get:
>> > name=.us-east-1.users.uid+jaseer : hit
>> > 2014-01-08 18:00:35.161771 7faa67fff700 10 new grant: jaseer:Jaseer TK
>> > 2014-01-08 18:00:35.161775 7faa67fff700 15 New
>> > AccessControlPolicy:<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 18:00:35.161873 7faa67fff700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.203:6855/22095 -- osd_op(client.8604.0:1243
>> > .bucket.meta.Test3:east-1.8607.1 [call version.check_conds,call
>> > version.set,setxattr user.rgw.acl (150)] 16.7d61d036 e567) v4 -- ?+0
>> > 0x7faa2000fd30 con 0x7faabc032950
>> > 2014-01-08 18:00:35.190879 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.56 10.2.4.203:6855/22095 1 ==== osd_op_reply(1243
>> > .bucket.meta.Test3:east-1.8607.1 [call,call,setxattr (150)] v567'4 uv4
>> > _ondisk_ = 0) v6 ==== 275+0+0 (1563155070 0 0) 0x7fa9d0000fa0 con
>> > 0x7faabc032950
>> > 2014-01-08 18:00:35.191067 7faa67fff700 10 cache put:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1
>> > 2014-01-08 18:00:35.191104 7faa67fff700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:00:35.191108 7faa67fff700 10 appending xattr:
>> > name=user.rgw.acl bl.length()=150
>> > 2014-01-08 18:00:35.191132 7faa67fff700 10 distributing notification
>> > oid=notify.5 bl.length()=458
>> > 2014-01-08 18:00:35.191206 7faa67fff700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.90:6826/28037 -- osd_op(client.8604.0:1244 notify.5 [notify 13~0]
>> > 5.31099063 e567) v4 -- ?+0 0x7faa2000f900 con 0x2191210
>> > 2014-01-08 18:00:35.192695 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.10 10.2.4.90:6826/28037 100 ==== watch-notify(c=6 v=1
>> > i=2435246456858
>> > opcode=1) v1 ==== 488+0+0 (3994886606 0 0) 0x7faa8000bf30 con 0x2191210
>> > 2014-01-08 18:00:35.192919 7faad1ffb700 10 RGWWatcher::notify() opcode=1
>> > ver=1 bl.length()=458
>> > 2014-01-08 18:00:35.193030 7faad1ffb700 10 cache put:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1
>> > 2014-01-08 18:00:35.193037 7faad1ffb700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:00:35.193041 7faad1ffb700 10 appending xattr:
>> > name=user.rgw.acl bl.length()=150
>> > 2014-01-08 18:00:35.193103 7faad1ffb700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.90:6826/28037 -- osd_op(client.8604.0:1245 notify.5 [notify-ack
>> > 2435246456858~1] 5.31099063 e567) v4 -- ?+0 0x7faa840048d0 con 0x2191210
>> > 2014-01-08 18:00:35.193114 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.10 10.2.4.90:6826/28037 101 ==== osd_op_reply(1244 notify.5 [notify
>> > 13~0] v0'0 uv1 _ondisk_ = 0) v6 ==== 167+0+0 (1829242010 0 0)
>> > 0x7faa8001db70
>> > con 0x2191210
>> > 2014-01-08 18:00:35.194590 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.10 10.2.4.90:6826/28037 102 ==== osd_op_reply(1245 notify.5
>> > [notify-ack
>> > 2435246456858~1] v0'0 uv1 _ondisk_ = 0) v6 ==== 167+0+0 (2561335616 0 0)
>> > 0x7faa8001db70 con 0x2191210
>> > 2014-01-08 18:00:35.194931 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.10 10.2.4.90:6826/28037 103 ==== watch-notify(c=13 v=1
>> > i=2435246456858
>> > opcode=1) v1 ==== 488+0+0 (1666694009 0 0) 0x7faa8001db70 con 0x2191210
>> > 2014-01-08 18:00:35.195164 7faad1ffb700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.90:6826/28037 -- osd_op(client.8604.0:1246 notify.5 [notify-ack
>> > 2435246456858~1] 5.31099063 e567) v4 -- ?+0 0x7faa840048d0 con 0x2191210
>> > 2014-01-08 18:00:35.195532 7faa67fff700  2 req 22:0.034499:s3:PUT
>> > /Test3:put_acls:http status=200
>> > 2014-01-08 18:00:35.195818 7faa67fff700  1 ====== req done req=0x21829b0
>> > http_status=200 ======
>> >
>> >
>> >
>> > =========================
>> >
>> >
>> > Logs for s3 file deletion:
>> >
>> > =======
>> > 2014-01-08 18:06:46.389380 7faae2d93780 20 enqueued request
>> > req=0x214c030
>> > 2014-01-08 18:06:46.389405 7faae2d93780 20 RGWWQ:
>> > 2014-01-08 18:06:46.389407 7faae2d93780 20 req: 0x214c030
>> > 2014-01-08 18:06:46.389473 7faae2d93780 10 allocated request
>> > req=0x217a960
>> > 2014-01-08 18:06:46.389529 7faa3c7b8700 20 dequeued request
>> > req=0x214c030
>> > 2014-01-08 18:06:46.389539 7faa3c7b8700 20 RGWWQ: empty
>> > 2014-01-08 18:06:46.389552 7faa3c7b8700  1 ====== starting new request
>> > req=0x214c030 =====
>> > 2014-01-08 18:06:46.389615 7faa3c7b8700  2 req 24:0.000064::DELETE
>> > /Test3/vip.txt::initializing
>> > 2014-01-08 18:06:46.389622 7faa3c7b8700 10 host=isp.inmobi.com
>> > rgw_dns_name=isp.inmobi.com
>> > 2014-01-08 18:06:46.389634 7faa3c7b8700 10 meta>> HTTP_X_AMZ_DATE
>> > 2014-01-08 18:06:46.389640 7faa3c7b8700 10 x>> x-amz-date:Wed, 08 Jan
>> > 2014
>> > 18:06:42 +0000
>> > 2014-01-08 18:06:46.389658 7faa3c7b8700 10 s->object=vip.txt
>> > s->bucket=Test3
>> > 2014-01-08 18:06:46.389665 7faa3c7b8700 20 FCGI_ROLE=RESPONDER
>> > 2014-01-08 18:06:46.389666 7faa3c7b8700 20 SCRIPT_URL=/Test3/vip.txt
>> > 2014-01-08 18:06:46.389667 7faa3c7b8700 20
>> > SCRIPT_URI=http://isp.inmobi.com/Test3/vip.txt
>> > 2014-01-08 18:06:46.389668 7faa3c7b8700 20 HTTP_AUTHORIZATION=AWS
>> > TJA9G6SOY6VERRZ629JP:PEPnhNtMAMFcg6h+OYGArn+RMX8=
>> > 2014-01-08 18:06:46.389669 7faa3c7b8700 20 HTTP_HOST=isp.inmobi.com
>> > 2014-01-08 18:06:46.389670 7faa3c7b8700 20 HTTP_ACCEPT_ENCODING=identity
>> > 2014-01-08 18:06:46.389670 7faa3c7b8700 20 CONTENT_LENGTH=0
>> > 2014-01-08 18:06:46.389671 7faa3c7b8700 20 HTTP_X_AMZ_DATE=Wed, 08 Jan
>> > 2014
>> > 18:06:42 +0000
>> > 2014-01-08 18:06:46.389672 7faa3c7b8700 20
>> > PATH=/usr/local/bin:/usr/bin:/bin
>> > 2014-01-08 18:06:46.389672 7faa3c7b8700 20 SERVER_SIGNATURE=
>> > 2014-01-08 18:06:46.389673 7faa3c7b8700 20 SERVER_SOFTWARE=Apache/2.2.22
>> > (Ubuntu)
>> > 2014-01-08 18:06:46.389673 7faa3c7b8700 20 SERVER_NAME=isp.inmobi.com
>> > 2014-01-08 18:06:46.389674 7faa3c7b8700 20 SERVER_ADDR=10.2.4.203
>> > 2014-01-08 18:06:46.389674 7faa3c7b8700 20 SERVER_PORT=80
>> > 2014-01-08 18:06:46.389675 7faa3c7b8700 20 REMOTE_ADDR=10.14.118.100
>> > 2014-01-08 18:06:46.389675 7faa3c7b8700 20 DOCUMENT_ROOT=/var/www
>> > 2014-01-08 18:06:46.389676 7faa3c7b8700 20
>> > SERVER_ADMIN=app-ops@xxxxxxxxxx
>> > 2014-01-08 18:06:46.389676 7faa3c7b8700 20
>> > SCRIPT_FILENAME=/var/www/s3gw.fcgi
>> > 2014-01-08 18:06:46.389677 7faa3c7b8700 20 REMOTE_PORT=33904
>> > 2014-01-08 18:06:46.389678 7faa3c7b8700 20 GATEWAY_INTERFACE=CGI/1.1
>> > 2014-01-08 18:06:46.389679 7faa3c7b8700 20 SERVER_PROTOCOL=HTTP/1.1
>> > 2014-01-08 18:06:46.389680 7faa3c7b8700 20 REQUEST_METHOD=DELETE
>> > 2014-01-08 18:06:46.389681 7faa3c7b8700 20
>> > QUERY_STRING=page=Test3&params=/vip.txt
>> > 2014-01-08 18:06:46.389681 7faa3c7b8700 20 REQUEST_URI=/Test3/vip.txt
>> > 2014-01-08 18:06:46.389682 7faa3c7b8700 20 SCRIPT_NAME=/Test3/vip.txt
>> > 2014-01-08 18:06:46.389683 7faa3c7b8700  2 req 24:0.000132:s3:DELETE
>> > /Test3/vip.txt::getting op
>> > 2014-01-08 18:06:46.389686 7faa3c7b8700  2 req 24:0.000135:s3:DELETE
>> > /Test3/vip.txt:delete_obj:authorizing
>> > 2014-01-08 18:06:46.389708 7faa3c7b8700 20 get_obj_state:
>> > rctx=0x7faa8c004b70 obj=.us-east-1.users:TJA9G6SOY6VERRZ629JP
>> > state=0x7faa8c004c38 s->prefetch_data=0
>> > 2014-01-08 18:06:46.389719 7faa3c7b8700 10 moving
>> > .us-east-1.users+TJA9G6SOY6VERRZ629JP to cache LRU end
>> > 2014-01-08 18:06:46.389722 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.users+TJA9G6SOY6VERRZ629JP : hit
>> > 2014-01-08 18:06:46.389731 7faa3c7b8700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:06:46.389736 7faa3c7b8700 10 moving
>> > .us-east-1.users+TJA9G6SOY6VERRZ629JP to cache LRU end
>> > 2014-01-08 18:06:46.389737 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.users+TJA9G6SOY6VERRZ629JP : hit
>> > 2014-01-08 18:06:46.389753 7faa3c7b8700 20 get_obj_state:
>> > rctx=0x7faa8c004d60 obj=.us-east-1.users.uid:jaseer state=0x7faa8c006b18
>> > s->prefetch_data=0
>> > 2014-01-08 18:06:46.389758 7faa3c7b8700 10 moving
>> > .us-east-1.users.uid+jaseer to cache LRU end
>> > 2014-01-08 18:06:46.389760 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.users.uid+jaseer : hit
>> > 2014-01-08 18:06:46.389763 7faa3c7b8700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:06:46.389766 7faa3c7b8700 10 moving
>> > .us-east-1.users.uid+jaseer to cache LRU end
>> > 2014-01-08 18:06:46.389767 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.users.uid+jaseer : hit
>> > 2014-01-08 18:06:46.389808 7faa3c7b8700 10 get_canon_resource():
>> > dest=/Test3/vip.txt
>> > 2014-01-08 18:06:46.389811 7faa3c7b8700 10 auth_hdr:
>> > DELETE
>> >
>> >
>> >
>> > x-amz-date:Wed, 08 Jan 2014 18:06:42 +0000
>> > /Test3/vip.txt
>> > 2014-01-08 18:06:46.389885 7faa3c7b8700 15 calculated
>> > digest=PEPnhNtMAMFcg6h+OYGArn+RMX8=
>> > 2014-01-08 18:06:46.389887 7faa3c7b8700 15
>> > auth_sign=PEPnhNtMAMFcg6h+OYGArn+RMX8=
>> > 2014-01-08 18:06:46.389888 7faa3c7b8700 15 compare=0
>> > 2014-01-08 18:06:46.389890 7faa3c7b8700 20 system request
>> > 2014-01-08 18:06:46.389892 7faa3c7b8700  2 req 24:0.000341:s3:DELETE
>> > /Test3/vip.txt:delete_obj:reading permissions
>> > 2014-01-08 18:06:46.389904 7faa3c7b8700 20 get_obj_state:
>> > rctx=0x7faa8c000fe0 obj=.us-east-1.rgw:Test3 state=0x7faa8c005c98
>> > s->prefetch_data=0
>> > 2014-01-08 18:06:46.389911 7faa3c7b8700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 18:06:46.389912 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 18:06:46.389917 7faa3c7b8700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:06:46.389920 7faa3c7b8700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 18:06:46.389921 7faa3c7b8700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 18:06:46.389924 7faa3c7b8700 10 moving .us-east-1.rgw+Test3
>> > to
>> > cache LRU end
>> > 2014-01-08 18:06:46.389925 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.rgw+Test3 : hit
>> > 2014-01-08 18:06:46.389934 7faa3c7b8700 20 rgw_get_bucket_info: bucket
>> > instance:
>> >
>> > Test3(@{i=.us-east-1.rgw.buckets.index}.us-east-1.rgw.buckets[east-1.8607.1])
>> > 2014-01-08 18:06:46.389939 7faa3c7b8700 20 reading from
>> > .us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > 2014-01-08 18:06:46.389944 7faa3c7b8700 20 get_obj_state:
>> > rctx=0x7faa8c000fe0 obj=.us-east-1.rgw:.bucket.meta.Test3:east-1.8607.1
>> > state=0x7faa8c00a5e8 s->prefetch_data=0
>> > 2014-01-08 18:06:46.389949 7faa3c7b8700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:06:46.389950 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 18:06:46.389955 7faa3c7b8700 20 get_obj_state: s->obj_tag was
>> > set
>> > empty
>> > 2014-01-08 18:06:46.389956 7faa3c7b8700 20 Read xattr: user.rgw.acl
>> > 2014-01-08 18:06:46.389957 7faa3c7b8700 20 Read xattr: user.rgw.idtag
>> > 2014-01-08 18:06:46.389958 7faa3c7b8700 20 Read xattr: user.rgw.manifest
>> > 2014-01-08 18:06:46.389961 7faa3c7b8700 10 moving
>> > .us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 to cache LRU end
>> > 2014-01-08 18:06:46.389963 7faa3c7b8700 10 cache get:
>> > name=.us-east-1.rgw+.bucket.meta.Test3:east-1.8607.1 : hit
>> > 2014-01-08 18:06:46.389980 7faa3c7b8700 15 Read
>> > AccessControlPolicy<AccessControlPolicy
>> >
>> > xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>app-ops</ID><DisplayName>Region-US
>> > Zone-East</DisplayName></Owner><AccessControlList><Grant><Grantee
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:type="CanonicalUser"><ID>jaseer</ID><DisplayName>Jaseer
>> >
>> > TK</DisplayName></Grantee><Permission>READ</Permission></Grant></AccessControlList></AccessControlPolicy>
>> > 2014-01-08 18:06:46.389988 7faa3c7b8700  2 req 24:0.000437:s3:DELETE
>> > /Test3/vip.txt:delete_obj:init op
>> > 2014-01-08 18:06:46.389992 7faa3c7b8700  2 req 24:0.000440:s3:DELETE
>> > /Test3/vip.txt:delete_obj:verifying op mask
>> > 2014-01-08 18:06:46.389993 7faa3c7b8700 20 required_mask= 4
>> > user.op_mask=7
>> > 2014-01-08 18:06:46.389994 7faa3c7b8700  2 req 24:0.000443:s3:DELETE
>> > /Test3/vip.txt:delete_obj:verifying op permissions
>> > 2014-01-08 18:06:46.389997 7faa3c7b8700  5 Searching permissions for
>> > uid=jaseer mask=50
>> > 2014-01-08 18:06:46.389999 7faa3c7b8700  5 Found permission: 1
>> > 2014-01-08 18:06:46.390000 7faa3c7b8700  5 Searching permissions for
>> > group=1
>> > mask=50
>> > 2014-01-08 18:06:46.390001 7faa3c7b8700  5 Permissions for group not
>> > found
>> > 2014-01-08 18:06:46.390002 7faa3c7b8700  5 Searching permissions for
>> > group=2
>> > mask=50
>> > 2014-01-08 18:06:46.390003 7faa3c7b8700  5 Permissions for group not
>> > found
>> > 2014-01-08 18:06:46.390003 7faa3c7b8700  5 Getting permissions id=jaseer
>> > owner=app-ops perm=0
>> > 2014-01-08 18:06:46.390004 7faa3c7b8700 10  uid=jaseer requested perm
>> > (type)=2, policy perm=0, user_perm_mask=2, acl perm=0
>> > 2014-01-08 18:06:46.390006 7faa3c7b8700  2 overriding permissions due to
>> > system operation
>> > 2014-01-08 18:06:46.390007 7faa3c7b8700  2 req 24:0.000456:s3:DELETE
>> > /Test3/vip.txt:delete_obj:verifying op params
>> > 2014-01-08 18:06:46.390008 7faa3c7b8700  2 req 24:0.000457:s3:DELETE
>> > /Test3/vip.txt:delete_obj:executing
>> > 2014-01-08 18:06:46.390017 7faa3c7b8700 20 get_obj_state:
>> > rctx=0x7faa8c000fe0 obj=Test3:vip.txt state=0x7faa8c008078
>> > s->prefetch_data=0
>> > 2014-01-08 18:06:46.390068 7faa3c7b8700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.203:6865/22234 -- osd_op(client.8604.0:1248 east-1.8607.1_vip.txt
>> > [getxattrs,stat] 8.eb952482 e567) v4 -- ?+0 0x7faa8c008eb0 con
>> > 0x7faabc043070
>> > 2014-01-08 18:06:46.392062 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.54 10.2.4.203:6865/22234 1 ==== osd_op_reply(1248
>> > east-1.8607.1_vip.txt
>> > [getxattrs,stat] v0'0 uv59 _ondisk_ = 0) v6 ==== 222+0+807 (325389612 0
>> > 3984178414) 0x7faa18001a30 con 0x7faabc043070
>> > 2014-01-08 18:06:46.392290 7faa3c7b8700 10 manifest: total_size = 1621
>> > 2014-01-08 18:06:46.392305 7faa3c7b8700 10 manifest: ofs=0
>> > loc=Test3:vip.txt
>> > 2014-01-08 18:06:46.392308 7faa3c7b8700 20 get_obj_state: setting
>> > s->obj_tag
>> > to east-1.8607.1055
>> > 2014-01-08 18:06:46.392352 7faa3c7b8700 10 setting object
>> > write_tag=_I_fXnf11cDCPWJ0oFS5dVwsVgDFziHe
>> > 2014-01-08 18:06:46.392413 7faa3c7b8700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.203:6845/21995 -- osd_op(client.8604.0:1249 .dir.east-1.8607.1
>> > [call
>> > rgw.bucket_prepare_op] 7.8e7e5c51 e567) v4 -- ?+0 0x7faa8c00b300 con
>> > 0x7faabc036150
>> > 2014-01-08 18:06:46.436377 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.58 10.2.4.203:6845/21995 2 ==== osd_op_reply(1249 .dir.east-1.8607.1
>> > [call] v567'10 uv10 _ondisk_ = 0) v6 ==== 177+0+0 (779774278 0 0)
>> > 0x7faa2000edb0 con 0x7faabc036150
>> > 2014-01-08 18:06:46.436616 7faa3c7b8700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.203:6865/22234 -- osd_op(client.8604.0:1250 east-1.8607.1_vip.txt
>> > [cmpxattr user.rgw.idtag (17) op 1 mode 1,setxattr user.rgw.idtag
>> > (33),call
>> > refcount.put] 8.eb952482 e567) v4 -- ?+0 0x7faa8c009d50 con
>> > 0x7faabc043070
>> > 2014-01-08 18:06:46.463235 7faad8d3c700  1 -- 10.2.4.203:0/1004169 <==
>> > osd.54 10.2.4.203:6865/22234 2 ==== osd_op_reply(1250
>> > east-1.8607.1_vip.txt
>> > [cmpxattr (17) op 1 mode 1,setxattr (33),call] v567'60 uv60 _ondisk_ = 0)
>> > v6
>> > ==== 264+0+0 (530216734 0 0) 0x7faa18001440 con 0x7faabc043070
>> > 2014-01-08 18:06:46.463488 7faa3c7b8700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.203:6845/21995 -- osd_op(client.8604.0:1251 .dir.east-1.8607.1
>> > [call
>> > rgw.bucket_complete_op] 7.8e7e5c51 e567) v4 -- ?+0 0x7faa8c00b300 con
>> > 0x7faabc036150
>> > 2014-01-08 18:06:46.463677 7faa3c7b8700  1 -- 10.2.4.203:0/1004169 -->
>> > 10.2.4.90:6895/359 -- osd_op(client.8604.0:1252 gc.7 [call
>> > rgw.gc_set_entry]
>> > 6.21d2251d e567) v4 -- ?+0 0x7faa8c00f2c0 con 0x7faabc033610
>> > 2014-01-08 18:06:46.463730 7faa3c7b8700  2 req 24:0.074179:s3:DELETE
>> > /Test3/vip.txt:delete_obj:http status=204
>> > 2014-01-08 18:06:46.463954 7faa3c7b8700  1 ====== req done req=0x214c030
>> > http_status=204 ======
>> > =================
>> >
>> >
>> >
>> > Thank you,
>> > Jaseer TK
>> >
>> >
>> > On Wed, Jan 8, 2014 at 11:13 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx>
>> > wrote:
>> >>
>> >> On Wed, Jan 8, 2014 at 9:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx> wrote:
>> >> >
>> >> > Thanks Yehuda,
>> >> >
>> >> > But I am seeing only this much in the logs with the log options we
>> >> > set.
>> >> > I'll
>> >> > try once again and update you.
>> >>
>> >> There should be much more.
>> >>
>> >> >
>> >> > Do you think any global parameter (like region/zone settings or
>> >> > user's
>> >> > privileges ) could be causing these buckets to be writable all users
>> >> > ?
>> >> >
>> >>
>> >> At the moment it looks like all users are actually mapping to the same
>> >> user, or something along that line. It is not highly unlikely that
>> >> misconfiguration caused it.
>> >>
>> >> Yehuda
>> >>
>> >>
>> >> > Thank you,
>> >> > Jaseer TK
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Wed, Jan 8, 2014 at 10:27 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx>
>> >> > wrote:
>> >> >>
>> >> >> On Tue, Jan 7, 2014 at 11:16 PM, Jaseer Tk <jaseer.tk@xxxxxxxxxx>
>> >> >> wrote:
>> >> >> >
>> >> >> > Hi Yehuda,
>> >> >> >
>> >> >> > Thanks for response.
>> >> >> >
>> >> >> > my setup is on ubuntu 12.04 servers, ceph pkg's:
>> >> >> >
>> >> >> > ========
>> >> >> > ii  ceph                             0.72.2-1precise
>> >> >> > distributed storage and file system
>> >> >> > ii  ceph-common                      0.72.2-1precise
>> >> >> > common utilities to mount and interact with a ceph storage cluster
>> >> >> > ii  ceph-fs-common                   0.72.2-1precise
>> >> >> > common utilities to mount and interact with a ceph file system
>> >> >> > ii  ceph-mds                         0.72.2-1precise
>> >> >> > metadata server for the ceph distributed file system
>> >> >> > ==========
>> >> >> >
>> >> >> > rados version:
>> >> >> > =====
>> >> >> > ii  librados2                        0.72.2-1precise
>> >> >> > RADOS distributed object store client library
>> >> >> > ii  radosgw                          0.72.2-1precise
>> >> >> > REST gateway for RADOS distributed object store
>> >> >> > ii  radosgw-agent                    1.1-1precise
>> >> >> > =======
>> >> >> >
>> >> >> >
>> >> >> > rados conf:
>> >> >> >
>> >> >> > [client.radosgw.us-east-1]
>> >> >> >     rgw region = us
>> >> >> >     rgw region root pool = .us.rgw.root
>> >> >> >     rgw zone = east-1
>> >> >> >     rgw zone root pool = .us-east-1.rgw.root
>> >> >> >     keyring = /etc/ceph/ceph.client.radosgw.keyring
>> >> >> >     debug rgw = 20
>> >> >> >     debug ms = 1
>> >> >> >     rgw_dns_name = my_domain
>> >> >> >     rgw socket path = /var/run/ceph/client.radosgw.us-east-1.sock
>> >> >> >     log file = /var/log/ceph/radosgw.log
>> >> >> >     host = my_rados_hostname
>> >> >> >
>> >> >> >
>> >> >> > Logs while doing putacl,
>> >> >> > =========
>> >> >> > 2014-01-08 07:01:00.364967 7f0180f5d700 10 RGWWatcher::notify()
>> >> >> > opcode=1
>> >> >> > ver=1 bl.length()=462
>> >> >> > 2014-01-08 07:01:00.365006 7f0180f5d700 10 cache put:
>> >> >> > name=.us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1
>> >> >> > 2014-01-08 07:01:00.365013 7f0180f5d700 10 moving
>> >> >> > .us-east-1.rgw+.bucket.meta.App-Ops:east-1.5350.1 to cache LRU end
>> >> >> > 2014-01-08 07:01:00.365017 7f0180f5d700 10 appending xattr:
>> >> >> > name=user.rgw.acl bl.length()=150
>> >> >> > 2014-01-08 07:01:01.501663 7f016bfff700  2
>> >> >> > RGWDataChangesLog::ChangesRenewThread: start
>> >> >> > ==========
>> >> >>
>> >> >> These aren't very thorough logs, looks like a very small snippet. Is
>> >> >> that all you're getting?
>> >> >>
>> >> >>
>> >> >> >
>> >> >> > No rgw logs when doing s3cmd del.
>> >> >> >
>> >> >> > I am using
>> >> >> > http://undesigned.org.za/2007/10/22/amazon-s3-php-class/
>> >> >> > with
>> >> >> > minor modifications to use with rados s3 interface.
>> >> >> > getacl  shows my acl is applied. But user is still able to delete.
>> >> >> > Please
>> >> >> > let me know if you want me to share my php code for getacl and
>> >> >> > putacl.
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > --
>> >> >> > Thank you,
>> >> >> > Jaseer TK
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On Tue, Jan 7, 2014 at 9:30 PM, Yehuda Sadeh <yehuda@xxxxxxxxxxx>
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> On Tue, Jan 7, 2014 at 2:40 AM, Jaseer Tk <jaseer.tk@xxxxxxxxxx>
>> >> >> >> wrote:
>> >> >> >> >
>> >> >> >> > Hi all,
>> >> >> >> >
>> >> >> >> > I tried to apply custom ACL(only Read) on an s3 bucket created.
>> >> >> >> > The
>> >> >> >> > rules
>> >> >> >> > seems to have got applied. But it looks the ACL's not getting
>> >> >> >> > honored.
>> >> >> >> >
>> >> >> >> > when I use getacl, I get the result.
>> >> >> >> > =======
>> >> >> >> >
>> >> >> >> > Array
>> >> >> >> > (
>> >> >> >> >     [0] => Array
>> >> >> >> >         (
>> >> >> >> >             [Grantee] => Array
>> >> >> >> >                 (
>> >> >> >> >                     [ID] => test-user
>> >> >> >> >                     [DisplayName] => Test User
>> >> >> >> >                 )
>> >> >> >> >
>> >> >> >> >             [Permission] => READ
>> >> >> >> >         )
>> >> >> >> >
>> >> >> >> > )
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > But Still this user is able to delete files from the bucket :(
>> >> >> >> >
>> >> >> >> > Am I missing something here ?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> What version are you running? Just tried it with dumpling and it
>> >> >> >> worked ok. Can you provide rgw logs for it? (acl setting +
>> >> >> >> removal;
>> >> >> >> set 'debug rgw = 20' and 'debug ms = 1').
>> >> >> >>
>> >> >> >> Thanks,
>> >> >> >> Yehuda
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > _____________________________________________________________
>> >> >> > The information contained in this communication is intended solely
>> >> >> > for
>> >> >> > the
>> >> >> > use of the individual or entity to whom it is addressed and others
>> >> >> > authorized to receive it. It may contain confidential or legally
>> >> >> > privileged
>> >> >> > information. If you are not the intended recipient you are hereby
>> >> >> > notified
>> >> >> > that any disclosure, copying, distribution or taking any action in
>> >> >> > reliance
>> >> >> > on the contents of this information is strictly prohibited and may
>> >> >> > be
>> >> >> > unlawful. If you have received this communication in error, please
>> >> >> > notify us
>> >> >> > immediately by responding to this email and then delete it from
>> >> >> > your
>> >> >> > system.
>> >> >> > The firm is neither liable for the proper and complete
>> >> >> > transmission
>> >> >> > of
>> >> >> > the
>> >> >> > information contained in this communication nor for any delay in
>> >> >> > its
>> >> >> > receipt.
>> >> >
>> >> >
>> >> >
>> >> > _____________________________________________________________
>> >> > The information contained in this communication is intended solely
>> >> > for
>> >> > the
>> >> > use of the individual or entity to whom it is addressed and others
>> >> > authorized to receive it. It may contain confidential or legally
>> >> > privileged
>> >> > information. If you are not the intended recipient you are hereby
>> >> > notified
>> >> > that any disclosure, copying, distribution or taking any action in
>> >> > reliance
>> >> > on the contents of this information is strictly prohibited and may be
>> >> > unlawful. If you have received this communication in error, please
>> >> > notify us
>> >> > immediately by responding to this email and then delete it from your
>> >> > system.
>> >> > The firm is neither liable for the proper and complete transmission
>> >> > of
>> >> > the
>> >> > information contained in this communication nor for any delay in its
>> >> > receipt.
>> >
>> >
>> >
>> > _____________________________________________________________
>> > The information contained in this communication is intended solely for
>> > the
>> > use of the individual or entity to whom it is addressed and others
>> > authorized to receive it. It may contain confidential or legally
>> > privileged
>> > information. If you are not the intended recipient you are hereby
>> > notified
>> > that any disclosure, copying, distribution or taking any action in
>> > reliance
>> > on the contents of this information is strictly prohibited and may be
>> > unlawful. If you have received this communication in error, please
>> > notify us
>> > immediately by responding to this email and then delete it from your
>> > system.
>> > The firm is neither liable for the proper and complete transmission of
>> > the
>> > information contained in this communication nor for any delay in its
>> > receipt.
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>


_____________________________________________________________
The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux