This 'juggle keys' is a bit cryptic to me. If I create a subuser it becomes a swift user, doesn't it? So how can that have access to the s3 or be used in an s3 client? I have to put in the client the access and secret key; in the subuser I only have a secret key.

Is this multi-tenant basically only limiting this buckets namespace to the tenants users and nothing else?

-----Original Message-----
From: David Turner [mailto:drakonstein@xxxxxxxxx]
Sent: Sunday 29 April 2018 14:52
To: Yehuda Sadeh-Weinraub
Cc: ceph-users@xxxxxxxxxxxxxx; Безруков Илья Алексеевич
Subject: Re: How to configure s3 bucket acl so that one user's bucket is visible to another.

You can create subuser keys to allow other users to have access to a bucket. You have to juggle keys, but it works pretty well.

On Sun, Apr 29, 2018, 4:00 AM Yehuda Sadeh-Weinraub <yehuda@xxxxxxxxxx> wrote:

You can't. A user can only list the buckets that it owns; it cannot list other users' buckets.

Yehuda

On Sat, Apr 28, 2018 at 11:10 AM, Безруков Илья Алексеевич <bezrukov@xxxxxxxxx> wrote:
> Hello,
>
> How to configure s3 bucket acl so that one user's bucket is visible to
> another.
>
> I can create a bucket, objects in it and give another user access to it.
> But another user does not see this bucket in the list of available buckets.
>
> ## User1
>
> ```
> s3cmd -c s3cfg_user1 ls s3://
>
> 2018-04-28 07:50  s3://example1
>
> #set ACL
> s3cmd -c s3cfg_user1 setacl --acl-grant=all:user2 s3://example1
> s3://example1/: ACL updated
>
> # Check
> s3cmd -c s3cfg_user1 info s3://example1
> s3://example1/ (bucket):
>    Location:  us-east-1
>    Payer:     BucketOwner
>    Expiration Rule: none
>    Policy:    none
>    CORS:      none
>    ACL:       User1: FULL_CONTROL
>    ACL:       User2: FULL_CONTROL
>
> # Put some data
> s3cmd -c s3cfg_user1 put /tmp/dmesg s3://example1
> upload: '/tmp/dmesg' -> 's3://example1/dmesg'  [1 of 1]
>  5305 of 5305   100% in    0s    27.28 kB/s  done
>
> #set ACL
> s3cmd -c s3cfg_user1 setacl --acl-grant=all:bondarenko s3://example1/dmesg
> s3://example1/dmesg: ACL updated
>
> ```
>
> ## User2
> ```
> s3cmd -c ~/.s3cfg_user2 ls s3://
> 2018-04-27 14:23  s3://only_itself_dir
>
> # Check info
> s3cmd -c ~/.s3cfg_user2 info s3://example1
> ERROR: Access to bucket 'example1' was denied
> ERROR: S3 error: 403 (AccessDenied)
>
> # ls bucket
> s3cmd -c ~/.s3cfg_user2 ls s3://example1
> 2018-04-28 07:58      5305   s3://example1/dmesg
>
> #Get info
> s3cmd -c ~/.s3cfg_user2 info s3://example1/dmesg
> s3://example1/dmesg (object):
>    File size: 5305
>    Last mod:  Sat, 28 Apr 2018 07:58:03 GMT
>    MIME type: text/plain
>    Storage:   STANDARD
>    MD5 sum:   47ddc4780956cb55abe27e851aa02cfa
>    SSE:       none
>    Policy:    none
> ERROR: Access to bucket 'example1' was denied
> ERROR: S3 error: 403 (AccessDenied)
>
> #Get object
> s3cmd -c ~/.s3cfg_user2 get s3://example1/dmesg /tmp/test
> download: 's3://example1/dmesg' -> '/tmp/test'  [1 of 1]
>  5305 of 5305   100% in    0s   160.54 kB/s  done
>
> #Put some object to bucket
> s3cmd -c ~/.s3cfg_user2 put /tmp/dmesg2 s3://example1/dmesg2
> upload: '/tmp/dmesg2' -> 's3://example1/dmesg2'  [1 of 1]
>  38136 of 38136   100% in    0s   455.18 kB/s  done
> ```
>
> Best regards,
>
> Ilya
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com