Re: rgw: disallowing bucket creation for specific users?

On Sun, Oct 01, 2023 at 12:00:58PM +0200, Peter Goron wrote:
> Hi Matthias,
> 
> One possible way to achieve your need is to set a quota on number of
> buckets at user level (see
> https://docs.ceph.com/en/reef/radosgw/admin/#quota-management). Quotas are
> under admin control.

Thanks a lot, rather an elegant solution.

Matthias

> 
> Rgds,
> Peter
> 
> 
> On Sun, Oct 1, 2023 at 10:51, Matthias Ferdinand <mf+ml.ceph@xxxxxxxxx>
> wrote:
> 
> > Hi,
> >
> > I am still evaluating ceph rgw for specific use cases.
> >
> > My question is about keeping the realm of bucket names under control of
> > rgw admins.
> >
> > Normal S3 users have the ability to create new buckets as they see fit.
> > This opens opportunities for creating excessive amounts of buckets, or
> > for blocking nice bucket names for other uses, or even using
> > bucketname-typosquatting as an attack vector.
> >
> > In AWS, I can create some IAM users and provide per-bucket access to
> > them via bucket or IAM user policies. These IAM users can't create new
> > buckets on their own. Giving out only those IAM credentials to users and
> > applications, I can ensure no bucket namespace pollution occurs.
> >
> > Ceph rgw does not have IAM users (yet?). What could I use here to not
> > allow certain S3 users to create buckets on their own?
> >
> >
> > Regards
> > Matthias
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx
> > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> >
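
An added example, not part of the thread and not Ceph's own tooling: an audit of which users can still create buckets under RGW's per-user `max_buckets` setting, where a negative value disables bucket creation and 0 means no limit. The user names, the `owned` counts and the allowlist are constructed sample data.

```python
import shlex

# Constructed sample records. "user_id" and "max_buckets" mirror fields of
# `radosgw-admin user info` JSON; "owned" is the length of the array printed
# by `radosgw-admin bucket list --uid=<uid>`.
SAMPLE_USERS = [
    {"user_id": "platform-admin", "max_buckets": 1000, "owned": 12},
    {"user_id": "app-backup", "max_buckets": -1, "owned": 1},
    {"user_id": "app-reports", "max_buckets": 0, "owned": 2},
    {"user_id": "app-ingest", "max_buckets": 3, "owned": 3},
    {"user_id": "app-web", "max_buckets": 1000, "owned": 1},
]


def can_create_bucket(max_buckets, owned):
    """RGW semantics: negative disables creation, 0 means no limit at all."""
    if max_buckets < 0:
        return False
    if max_buckets == 0:
        return True
    return owned < max_buckets


def audit(users, may_create):
    """Return (uid, reason, fix_command) for every user outside the
    allowlist who could still create a bucket right now."""
    findings = []
    for u in users:
        uid, limit, owned = u["user_id"], u["max_buckets"], u["owned"]
        if uid in may_create or not can_create_bucket(limit, owned):
            continue
        if limit == 0:
            reason = "unlimited (max_buckets=0)"
        else:
            reason = f"{limit - owned} more allowed"
        # Suggested remediation: disable bucket creation for this user.
        fix = f"radosgw-admin user modify --uid={shlex.quote(uid)} --max-buckets=-1"
        findings.append((uid, reason, fix))
    return findings


if __name__ == "__main__":
    for uid, reason, fix in audit(SAMPLE_USERS, may_create={"platform-admin"}):
        print(f"{uid}: {reason}\n  {fix}")
```

A user whose limit equals the current bucket count (`app-ingest` above) is not flagged, but can still delete a bucket and create one under a different name, so only a negative `max_buckets` keeps the namespace fully under admin control.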