rgw: disallowing bucket creation for specific users?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I am still evaluating ceph rgw for specific use cases.

My question is about keeping the realm of bucket names under control of
rgw admins.

Normal S3 users have the ability to create new buckets as they see fit.
This opens opportunities for creating excessive amounts of buckets, or
for blocking nice bucket names for other uses, or even using
bucketname-typosquatting as an attack vector.

In AWS, I can create some IAM users and provide per-bucket access to
them via bucket or IAM user policies. These IAM users can't create new
buckets on their own. Giving out only those IAM credentials to users and
applications, I can ensure no bucket namespace pollution occurs.

Ceph rgw does not have IAM users (yet?). What could I use here to not
allow certain S3 users to create buckets on their own?

ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx

[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux