On Thu, Dec 10, 2015 at 11:25 AM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
> On Thu, Dec 10, 2015 at 2:26 AM, Xavier Serrano
> <xserrano+ceph@xxxxxxxxxx> wrote:
>> Hello,
>>
>> We are using ceph version 0.94.4, with radosgw offering S3 storage
>> to our users.
>>
>> Each user is assigned one bucket (and only one; max_buckets is set to 1).
>> The bucket name is actually the user name (typical unix login name, up to
>> 8 characters long).
>>
>> Users can read and write objects in their own bucket (permissions are set
>> to read and write, not public).
>>
>> With this set of permissions, the user can delete its own bucket and
>> create another one with a different name. We'd like to avoid this.
>> Is this possible?
>
> I don't remember if RGW behaves exactly this way or not, but you could
> try having some kind of admin user create the bucket and give the
> individual read/write access to it, but not bucket ACL access. I think
> that's the semantics on S3 proper and it's easy enough to test.

With the caveat that the users won't see the bucket when they list it.
I can't really think of any other proper solution with the system as
it is now (at least not without some kind of proxy magic).

Yehuda
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
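
The layout suggested in the thread (an admin user owns the bucket, the individual user gets read/write but no bucket ACL access), as an added example that is not from the posters or the Ceph project: Python that builds the standard S3 AccessControlPolicy XML for such a bucket and audits an ACL for grants that give the user ownership or ACL control. The IDs `s3admin` and `jdoe` and the function names are assumptions; whether RGW 0.94.4 refuses bucket deletion under this ACL still has to be tested, as the thread says.

```python
import xml.etree.ElementTree as ET

NS = "http://s3.amazonaws.com/doc/2006-03-01/"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# S3 ACL permissions that let a grantee read or change the bucket ACL itself.
ACL_CONTROL = {"READ_ACP", "WRITE_ACP", "FULL_CONTROL"}


def build_bucket_acl(owner_id, user_id, perms=("READ", "WRITE")):
    """Return AccessControlPolicy XML: owner keeps FULL_CONTROL, user gets perms."""
    ET.register_namespace("", NS)
    ET.register_namespace("xsi", XSI)
    root = ET.Element(f"{{{NS}}}AccessControlPolicy")
    owner = ET.SubElement(root, f"{{{NS}}}Owner")
    ET.SubElement(owner, f"{{{NS}}}ID").text = owner_id
    acl = ET.SubElement(root, f"{{{NS}}}AccessControlList")
    for grantee_id, perm in [(owner_id, "FULL_CONTROL")] + [(user_id, p) for p in perms]:
        grant = ET.SubElement(acl, f"{{{NS}}}Grant")
        grantee = ET.SubElement(grant, f"{{{NS}}}Grantee", {f"{{{XSI}}}type": "CanonicalUser"})
        ET.SubElement(grantee, f"{{{NS}}}ID").text = grantee_id
        ET.SubElement(grant, f"{{{NS}}}Permission").text = perm
    return ET.tostring(root, encoding="unicode")


def audit_bucket_acl(acl_xml, user_id):
    """Return findings that break the 'admin owns, user only reads/writes' layout."""
    root = ET.fromstring(acl_xml)
    findings = []
    if root.findtext(f"{{{NS}}}Owner/{{{NS}}}ID") == user_id:
        findings.append("user owns the bucket")
    for grant in root.iter(f"{{{NS}}}Grant"):
        gid = grant.findtext(f"{{{NS}}}Grantee/{{{NS}}}ID")
        perm = grant.findtext(f"{{{NS}}}Permission")
        if gid == user_id and perm in ACL_CONTROL:
            findings.append(f"user holds {perm}")
    return findings


if __name__ == "__main__":
    # Constructed sample IDs, not taken from the thread.
    print(audit_bucket_acl(build_bucket_acl("s3admin", "jdoe"), "jdoe"))
```

The XML from `build_bucket_acl` is the body an admin would send in a bucket ACL update; `audit_bucket_acl` can be run over ACLs fetched from existing buckets to find ones that drifted from this layout.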