Re: Reset Object ACLs in RGW

Hi Casey,

Thanks for the tip in the right direction. I originally tried creating an
admin user to accomplish this and I didn't realise the difference between an
admin and system user. Using a system user I was able to iterate over the
contents of the buckets and reset the object ownership back to the bucket
owner. Below is a very very ugly bash script I used to achieve this which I
don't recommend anyone using, but for reference of anyone else in a similar
predicament to me:

# List every key in the bucket, one per line, and read them without
# word splitting or glob expansion.
aws s3api --endpoint-url https://ceph-rgw-endpoint-here list-objects \
    --bucket "bucketname" --output json | jq -r '.Contents[] | .Key' |
while IFS= read -r i; do
    echo "restoring ownership on $i"
    # Grant full control on the object to the bucket owner's id.
    aws s3api --endpoint-url https://ceph-rgw-endpoint-here put-object-acl \
        --grant-full-control id=idhere --bucket "bucketname" --key "$i"
done

You'll need to install the aws toolkit and jq of course and configure them.

Thanks again,

Tom


-----Original Message-----
From: ceph-users <ceph-users-bounces@xxxxxxxxxxxxxx> On Behalf Of Casey
Bodley
Sent: 02 August 2018 17:08
To: ceph-users@xxxxxxxxxxxxxx
Subject: Re:  Reset Object ACLs in RGW


On 08/02/2018 07:35 AM, Thomas White wrote:
> Hi all,
>
> At present I have a cluster with a user on the RGW who has lost access to
> many of his files. The bucket has the correct ACL to be accessed by the
> account and so with their access and secret key many items can be listed,
> but are unable to be downloaded.
>
> Is there a way of using the radosgw-admin tool to reset (or set) ACLs on
> individual files or recursively across bucket objects to restore access for
> them?
>
> Kind Regards,
>
> Tom
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

Hi Tom,

I don't think radosgw-admin can do this. But you can create a system user
(radosgw-admin user create --system ...) which overrides permission checks,
and use it to issue s3 operations to manipulate the acls.

Casey
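
Added example, not part of the original thread and not Ceph code: a dry-run check that could be run before a bulk reset like the one above, so the system user only rewrites objects where the bucket owner actually lacks FULL_CONTROL, and so any other grants that would be lost are recorded first. It assumes the ACLs were fetched with "aws s3api get-object-acl --output json" and that put-object-acl replaces an object's existing grant list (S3 semantics); the function names and the sample ACLs are constructed for illustration.

```python
import json

def grantee_name(grantee):
    """Canonical users are identified by ID, groups by URI."""
    return grantee.get("ID") or grantee.get("URI") or "unknown"

def plan_reset(acl_json, owner_id):
    """Decide whether one object needs its ACL reset for owner_id.

    Returns (needs_reset, dropped): dropped lists the (grantee, permission)
    pairs of other grantees that a replace-style reset would remove.
    """
    acl = json.loads(acl_json)
    grants = [(grantee_name(g.get("Grantee", {})), g.get("Permission"))
              for g in acl.get("Grants", [])]
    needs_reset = (owner_id, "FULL_CONTROL") not in grants
    dropped = [g for g in grants if g[0] != owner_id]
    return needs_reset, dropped

def plan_bucket(acls_by_key, owner_id):
    """Return {key: dropped_grants} only for the objects that need a reset."""
    plan = {}
    for key, acl_json in sorted(acls_by_key.items()):
        needs_reset, dropped = plan_reset(acl_json, owner_id)
        if needs_reset:
            plan[key] = dropped
    return plan

# Constructed sample data shaped like get-object-acl output; ids are made up.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
SAMPLE_ACLS = {
    "ok.txt": json.dumps({"Owner": {"ID": "idhere"}, "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "idhere"},
         "Permission": "FULL_CONTROL"}]}),
    "lost.txt": json.dumps({"Owner": {"ID": "otheruser"}, "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "otheruser"},
         "Permission": "FULL_CONTROL"}]}),
    "shared.txt": json.dumps({"Owner": {"ID": "otheruser"}, "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "otheruser"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS},
         "Permission": "READ"}]}),
}

if __name__ == "__main__":
    for key, dropped in plan_bucket(SAMPLE_ACLS, "idhere").items():
        print(f"reset {key}; grants that would be replaced: {dropped}")
```

Objects missing from the plan already grant the owner full control and can be skipped, which keeps the number of writes made with the permission-overriding system user to a minimum.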