Re: Preventing users from deleting their own bucket in S3

On Thu, Dec 10, 2015 at 2:26 AM, Xavier Serrano
<xserrano+ceph@xxxxxxxxxx> wrote:
> Hello,
>
> We are using ceph version 0.94.4, with radosgw offering S3 storage
> to our users.
>
> Each user is assigned one bucket (and only one; max_buckets is set to 1).
> The bucket name is actually the user name (typical unix login name, up to
> 8 characters long).
>
> Users can read and write objects in their own bucket (permissions are set
> to read and write, not public).
>
> With this set of permissions, the user can delete its own bucket and
> create another one with a different name. We'd like to avoid this.
> Is this possible?

I don't remember if RGW behaves exactly this way or not, but you could
try having some kind of admin user create the bucket and give the
individual read/write access to it, but not bucket ACL access. I think
that's the semantics on S3 proper and it's easy enough to test.
-Greg
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
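
The layout suggested in the reply above, as an added example that is not part of the original thread and not RGW's own code: it builds the S3 bucket ACL document an admin-owned bucket would carry (user gets READ and WRITE only) and audits an ACL for the grants that would hand ACL control back to the user. The IDs "rgw-admin" and "jdoe" are constructed, and the audit does not show whether RGW then refuses the delete; that still has to be tested as the reply says.

```python
import xml.etree.ElementTree as ET

S3 = "http://s3.amazonaws.com/doc/2006-03-01/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
ET.register_namespace("", S3)
ET.register_namespace("xsi", XSI)
NS = {"s3": S3}


def build_bucket_acl(owner_id, grants):
    """Build the AccessControlPolicy XML; grants is [(user_id, permission)]."""
    policy = ET.Element(f"{{{S3}}}AccessControlPolicy")
    owner = ET.SubElement(policy, f"{{{S3}}}Owner")
    ET.SubElement(owner, f"{{{S3}}}ID").text = owner_id
    acl = ET.SubElement(policy, f"{{{S3}}}AccessControlList")
    for user_id, permission in grants:
        grant = ET.SubElement(acl, f"{{{S3}}}Grant")
        grantee = ET.SubElement(grant, f"{{{S3}}}Grantee",
                                {f"{{{XSI}}}type": "CanonicalUser"})
        ET.SubElement(grantee, f"{{{S3}}}ID").text = user_id
        ET.SubElement(grant, f"{{{S3}}}Permission").text = permission
    return ET.tostring(policy, encoding="unicode")


def audit_bucket_acl(acl_xml, user_id):
    """Return findings where the ACL departs from admin-owned, read/write only."""
    root = ET.fromstring(acl_xml)
    findings = []
    if root.findtext("s3:Owner/s3:ID", namespaces=NS) == user_id:
        findings.append("user owns the bucket")
    held = set()
    for grant in root.findall("s3:AccessControlList/s3:Grant", NS):
        if grant.findtext("s3:Grantee/s3:ID", namespaces=NS) == user_id:
            held.add(grant.findtext("s3:Permission", namespaces=NS))
    # FULL_CONTROL and WRITE_ACP both let the grantee rewrite the bucket ACL.
    for perm in sorted(held & {"FULL_CONTROL", "WRITE_ACP"}):
        findings.append(f"user holds {perm}")
    # FULL_CONTROL already includes READ and WRITE, so only flag real gaps.
    if "FULL_CONTROL" not in held:
        for perm in sorted({"READ", "WRITE"} - held):
            findings.append(f"user lacks {perm}")
    return findings


if __name__ == "__main__":
    # Constructed IDs: "rgw-admin" owns the bucket, "jdoe" is the end user.
    acl = build_bucket_acl("rgw-admin", [("jdoe", "READ"), ("jdoe", "WRITE")])
    print(acl)
    print(audit_bucket_acl(acl, "jdoe") or "ACL matches the suggested layout")
```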


