On 02/16/2017 07:17 AM, Josef Zelenka wrote:
Hello everyone,
I've been struggling for the past few days with setting up ACLs for
buckets on my radosgw. I want to use the buckets with the S3 API and I
want them to have the ACL set up like this:
every file that gets pushed into the bucket is automatically readable
by everyone and writeable only by a specific user. Currently I was
able to set the ACLs I want on existing files, but I want them to be
set up in a way that will automatically do this, i.e. the entire
bucket. Can anyone shed some light on ACLs in S3 API and RGW?
Thanks
Josef Zelenka
Cloudevelops
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
Hi Josef,
You seem to have a good grasp on the limitations of bucket ACLs - they
apply to operations that list/create/delete objects, but don't help you
control access to the objects themselves. Object ACLs do this, but they
have to be applied to individual objects. There's no way to set a custom
object ACL that's automatically applied to all new objects in a bucket.
In S3, this kind of access control is accomplished with user or bucket
policy. Amazon has some 'Guidelines for Using the Available Access
Policy Options' at
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-alternatives-guidelines.html
that covers the differences between ACLs and policy. RGW does not
currently have support for these policies, but there is work in progress.
Casey
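
Added example, not part of either message above: since object ACLs are per object, the uploader can attach the public-read canned ACL to every PUT and periodically sweep the bucket for objects that were uploaded without it. The helper names, endpoint and bucket name are assumptions, the client is assumed to be a boto3 S3 client pointed at the gateway, and the gateway is assumed to answer list_objects_v2.

```python
# Added example: helper names, endpoint and bucket name are assumptions.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def upload_public(client, bucket, key, body):
    """Upload one object with the public-read canned ACL on this PUT.
    Nothing is inherited from the bucket ACL, so every upload must carry it."""
    return client.put_object(Bucket=bucket, Key=key, Body=body, ACL="public-read")

def is_public_read(acl):
    """True if an object ACL grants READ or FULL_CONTROL to the AllUsers group."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            return True
    return False

def iter_keys(client, bucket):
    """Yield every key in the bucket, following continuation tokens."""
    kwargs = {"Bucket": bucket}
    while True:
        page = client.list_objects_v2(**kwargs)
        for obj in page.get("Contents", []):
            yield obj["Key"]
        if not page.get("IsTruncated"):
            return
        kwargs["ContinuationToken"] = page["NextContinuationToken"]

def enforce_public_read(client, bucket, dry_run=True):
    """Return keys that lack public read; with dry_run=False also fix them.
    A canned ACL replaces the object's whole ACL (owner keeps FULL_CONTROL)."""
    missing = []
    for key in iter_keys(client, bucket):
        if not is_public_read(client.get_object_acl(Bucket=bucket, Key=key)):
            missing.append(key)
            if not dry_run:
                client.put_object_acl(Bucket=bucket, Key=key, ACL="public-read")
    return missing

if __name__ == "__main__":
    import boto3  # assumed installed; credentials come from the usual boto3 config
    s3 = boto3.client("s3", endpoint_url="http://rgw.example.com:7480")  # placeholder
    upload_public(s3, "example-bucket", "hello.txt", b"hello")
    print(enforce_public_read(s3, "example-bucket", dry_run=True))
```

The sweep has to run as a user allowed to read and write each object's ACL, normally the object owner.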