Re: radosgw setting puplic ACLs fails.

[Wido den Hollander <wido@xxxxxxxx>]

On 11/27/2013 10:43 PM, Yehuda Sadeh wrote:
> I just pushed a fix for review for the s3cmd --setacl issue. It should
> land a stable release soonish.

So this is commit 14cf4caff58cc2c535101d48c53afd54d8632104 right?

It says:

    Fixes: #6892
    Backport: dumpling, emperor

But it never got backported to Dumpling 0.67.5. I now manually cherry 
picked it on a system of mine and building.

The issue: http://tracker.ceph.com/issues/6892

Wido

> Thanks,
> Yehuda
>
> On Wed, Nov 27, 2013 at 10:12 AM, Shain Miley <SMiley@xxxxxxx> wrote:
> > Derek,
> > That's great...I am hopeful it makes it into the next release too...it will solve several issues we are having, trying to working around radosgw bucket and object permissions when there are multiple users writing files to our buckets.
> >
> > And with the 's3cmd setacl' failing...at this point I don't see too many other alternatives for us.
> >
> > Thanks again,
> >
> > Shain
> >
> > Shain Miley | Manager of Systems and Infrastructure, Digital Media | smiley@xxxxxxx | 202.513.3649
> >
> > ________________________________________
> > From: Derek Yarnell [derek@xxxxxxxxxxxxxx]
> > Sent: Wednesday, November 27, 2013 11:21 AM
> > To: Shain Miley
> > Cc: derek@xxxxxxxxxxxxxx; ceph-users
> > Subject: Re:  radosgw setting puplic ACLs fails.
> >
> > On 11/26/13, 3:31 PM, Shain Miley wrote:
> > > Micha,
> > >
> > > Did you ever figure out a work around for this issue?
> > >
> > > I also had plans of using s3cmd to put, and recursively set acl's on a nightly basis...however we are getting the 403 errors as well during our testing.
> > >
> > > I was just wondering if you were able to find another solution.
> >
> > Hi,
> >
> > There is code[1] in the master branch (I am not sure but I hope it will
> > make it into the next stable release, it is not in 0.72.x) that allows
> > you defer to the bucket ACLs.  defer_to_bucket_acls is the configurable
> > which allows for two different modes.  Recurse just propagates the
> > specific bucket acls to all the keys, it does fall through to the key
> > ACL if the bucket ACL doesn't apply.  Full_control allows someone with
> > FULL_CONTROL at the bucket level to do whatever they want to the keys
> > (including replace the whole ACL), and again falls through to the key ACL.
> >
> > Note this breaks AWS S3 compatibility and is why it is a configurable.
> >
> > [1] - https://github.com/ceph/ceph/pull/672
> >
> > Thanks,
> > derek
> >
> > --
> > Derek T. Yarnell
> > University of Maryland
> > Institute for Advanced Computer Studies
> >
> >
> > _______________________________________________
> > ceph-users mailing list
> > ceph-users@xxxxxxxxxxxxxx
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com


--
Wido den Hollander
42on B.V.

Phone: +31 (0)20 700 9902
Skype: contact42on
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com