openstack team mailing list archive

Re: swift acl's

 

Hello,

Please unsubscribe my account from OpenStack...

On Fri, Dec 16, 2011 at 8:02 AM, Mohammed Junaid <mohdjunaid.54@xxxxxxxxx> wrote:

> In my case, I want to set access permissions to all the users except for
> this user "tester3" and according to the documentation "-" is to be
> prefixed to deny access to the user. But even after setting the "-" for the
> user "tester3", read access is granted to it. Can anyone who has used it
> provide some input?
>
> On Fri, Dec 16, 2011 at 4:29 AM, pf shineyear <shinepf@xxxxxxxxx> wrote:
>
>> If you set .r:*, all users can GET, so try not to set .r:*; just setting
>> .r:-test:tester3 is enough.
>>
>>
>> On Fri, Dec 16, 2011 at 12:19 AM, Mohammed Junaid <mohdjunaid.54@xxxxxxxxx> wrote:
>>
>>> Hi All,
>>>
>>> I am testing ACL support in swift-1.4.5. According to the document
>>> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the
>>> syntax to allow all non-admin users read access to the container except for
>>> one is as follows.
>>>
>>> Executing the following curl command from an admin user.
>>> curl -v -X POST -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47' http://127.0.0.1:8080/v1/AUTH_test/cont -H 'X-Container-Read: .r:*,.rlistings,.r:-test:tester3'
>>>
>>> curl -v -X HEAD -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47' http://127.0.0.1:8080/v1/AUTH_test/cont
>>> * About to connect() to 127.0.0.1 port 8080 (#0)
>>> * Trying 127.0.0.1... connected
>>> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
>>> > HEAD /v1/AUTH_test/cont HTTP/1.1
>>> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>>> > Host: 127.0.0.1:8080\
>>> > Accept:
>>> > X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47
>>> >
>>> < HTTP/1.1 204 No Content
>>> < X-Container-Object-Count: 10
>>> < X-Container-Read: .r:*,.rlistings,.r:-test:tester3
>>> < X-Container-Bytes-Used: 100000000
>>> < Accept-Ranges: bytes
>>> < Content-Length: 0
>>> < Date: Thu, 15 Dec 2011 18:38:25 GMT
>>> <
>>> * Connection #0 to host 127.0.0.1 left intact
>>> * Closing connection #0
>>> --
>>>
>>> But GET operations still succeed for the user tester3. What else is
>>> required to make the swift-server deny this user from doing GET operations?
>>> Thanks in advance.
>>>
>>> regards,
>>> Junaid
>>>
>>>
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~openstack
>>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~openstack
>>> More help   : https://help.launchpad.net/ListHelp
>>>
>>>
>>
>
>
> --
> regards,
> Junaid
>
>
>
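
An added illustration, not part of the original thread and not Swift's own code: a simplified model of how the X-Container-Read value from the thread is evaluated. It assumes that `.r:` entries are matched against the host of the request's Referer header (with `-` negating a host, evaluated in order), that other entries are matched against the authenticated user's groups, and that `read_allowed` and the group lists are hypothetical names constructed for this example.

```python
from urllib.parse import urlparse

def parse_acl(acl_string):
    """Split an ACL header value into referrer designations and group names."""
    referrers, groups = [], []
    for value in (acl_string or "").split(","):
        value = value.strip()
        if not value:
            continue
        if value.startswith(".r:"):
            referrers.append(value[len(".r:"):])
        else:
            groups.append(value)
    return referrers, groups

def referrer_allowed(referer, referrer_acl):
    """Evaluate referrer entries in order; the last matching entry wins."""
    allow = False
    rhost = urlparse(referer or "").hostname or "unknown"
    for entry in referrer_acl:
        negate = entry.startswith("-")
        host = entry[1:] if negate else entry
        matches = host == rhost or (host.startswith(".") and rhost.endswith(host))
        if negate:
            if matches:
                allow = False
        elif host == "*" or matches:
            allow = True
    return allow

def read_allowed(acl_string, user_groups, referer=None, is_object=True):
    """Read decision for a non-admin user (hypothetical helper for this page)."""
    referrers, groups = parse_acl(acl_string)
    # Referrer grants ignore who the user is; listings also need .rlistings.
    if referrer_allowed(referer, referrers) and (is_object or ".rlistings" in groups):
        return True
    # Group grants are positive only: there is no "-" form for a user entry.
    return any(group in groups for group in user_groups)

# Constructed inputs based on the thread.
THREAD_ACL = ".r:*,.rlistings,.r:-test:tester3"
TESTER3 = ["test:tester3", "test"]      # assumed groups for user tester3
TESTER2 = ["test:tester2", "test"]      # assumed groups for another user

if __name__ == "__main__":
    print(read_allowed(THREAD_ACL, TESTER3))                   # .r:* matches every referrer
    print(read_allowed("test:tester1,test:tester2", TESTER3))  # explicit grants only
```

In this model `-test:tester3` is compared with a Referer host name and never with the user name, so `.r:*` still admits tester3; listing the permitted users explicitly excludes that user.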
