Hi Gholt,<br><br>1) Container based ACL was working fine.<br><br>[shashi@shashi samples]$ curl -X GET -D - -H 'X-Auth-Token:AUTH_tk124a8a19ad7e49c5a04710716fd4f126' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1</a><br>
HTTP/1.1 200 OK<br>X-Container-Object-Count: 1<br>X-Container-Read: test:tester3<br>X-Container-Bytes-Used: 29<br>Content-Length: 10<br>Content-Type: text/plain; charset=utf8<br>Date: Tue, 05 Apr 2011 12:57:49 GMT<br><br>
testfile1<br>[shashi@shashi samples]$ <br><br><br><br>2) How to create new accounts/users using the admin "reseller" which was created using the script "recreateaccounts" of SAIO <br><br><br>swift@test3:~/swift/trunk$ swauth-prep -K reseller<br>
Auth subsystem prep failed: 403 Forbidden<br>swift@test3:~/swift/trunk$ <br><br>swift@test3:~/swift/trunk$ swauth-add-user -U reseller:reseller -K reseller -A <a href="http://192.168.62.63:8080/auth/v1.0">http://192.168.62.63:8080/auth/v1.0</a> reseller user1 user1<br>Account creation failed: 400 Bad Request<br>
User creation failed: 400 Bad Request<br><br>swift@test3:~/swift/trunk$ swauth-add-user -U reseller:reseller -K reseller -A <a href="http://192.168.62.63:8080/v1/AUTH_a62419e4-7841-49d1-950f-521443c8a75d">http://192.168.62.63:8080/v1/AUTH_a62419e4-7841-49d1-950f-521443c8a75d</a> reseller user1 password1<br>
Account creation failed: 401 Unauthorized<br>User creation failed: 401 Unauthorized<br>swift@test3:~/swift/trunk$ <br><br><br>3) Is it possible to enforce the storage limit for a non admin
account/user in swift, if so how to set that storage limit for a user?
How to distribute the available storage among different users? <br><br><br>Thanks & Regards,<br>shashi <br><br><div class="gmail_quote">On Tue, Apr 5, 2011 at 6:06 PM, Greg Holt <span dir="ltr"><<a href="mailto:gholt@rackspace.com">gholt@rackspace.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div style="word-wrap: break-word;">You have to use the PUT or POST command when trying to set the headers on a container. Try adding -X POST to that curl command:<div>
<br></div><div>curl -v <b><i>-X POST</i></b> -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3' -H 'X-Container-Write: test:tester3' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1" target="_blank">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1</a><br>
<div><br></div><div>If you GET or HEAD the container afterwards, you should see the two headers returned to you with the appropriate values.</div><div><div></div><div class="h5"><div><br><div><div>On Apr 5, 2011, at 5:32 AM, shashidhar v wrote:</div>
<br><blockquote type="cite">Hi Gholt,<br><br>I tried to set the container based read and write acl to share the container with non admin user, but it is giving error as access denied <br><br>[shashi@shashi samples]$ curl -v -H 'X-Storage-User: test:tester' -H 'X-Storage-Pass: testing' <a href="http://192.168.62.63:8080/auth/v1.0" target="_blank">http://192.168.62.63:8080/auth/v1.0</a><br>* About to connect() to 192.168.62.63 port 8080<br>
* Trying 192.168.62.63... connected<br>* Connected to 192.168.62.63 (192.168.62.63) port 8080<br>> GET /auth/v1.0 HTTP/1.1<br>> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14<br>
> Host: <a href="http://192.168.62.63:8080/" target="_blank">192.168.62.63:8080</a><br>> Accept: */*<br>> X-Storage-User: test:tester<br>> X-Storage-Pass: testing<br>> <br>< HTTP/1.1 200 OK<br>< X-Storage-Url: <a href="http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a" target="_blank">http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a</a><br>
< X-Storage-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525<br>< X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525<br>< Content-Length: 112<br>< Date: Tue, 05 Apr 2011 10:18:31 GMT<br>Connection #0 to host 192.168.62.63 left intact<br>
* Closing connection #0<br>{"storage": {"default": "local", "local": "<a href="http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a" target="_blank">http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a</a>"}}[shashi@shashi samples]$ <br>
<br><br>[shashi@shashi samples]$ curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a" target="_blank">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a</a><br>
HTTP/1.1 204 No Content<br>X-Account-Object-Count: 0<br>X-Account-Bytes-Used: 0<br>X-Account-Container-Count: 1<br>Content-Length: 0<br>Date: Tue, 05 Apr 2011 10:20:19 GMT<br><br>[shashi@shashi samples]$ <br>[shashi@shashi samples]$ curl -X HEAD -D - -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1" target="_blank">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1</a><br>
HTTP/1.1 204 No Content<br>X-Container-Object-Count: 1<br>X-Container-Bytes-Used: 29<br>Content-Length: 0<br>Date: Tue, 05 Apr 2011 10:20:40 GMT<br><br>[shashi@shashi samples]$ <br><br><br><br>Initially I have created a container named as "container1" using the admin user "test:tester" and then trying to set read and write acl for the container1 to share it with non-admin user ..........<br>
<br><br><br>[shashi@shashi samples]$ curl -v -H 'X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525' -H 'X-Container-Read: test:tester3' -H 'X-Container-Write: test:tester3' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1" target="_blank">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1</a><br>
* About to connect() to 192.168.62.63 port 8080<br>* Trying 192.168.62.63... connected<br>* Connected to 192.168.62.63 (192.168.62.63) port 8080<br>> GET /v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1 HTTP/1.1<br>
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14<br>> Host: <a href="http://192.168.62.63:8080/" target="_blank">192.168.62.63:8080</a><br>> Accept: */*<br>
> X-Auth-Token: AUTH_tk64b46c28eda84a839b7ba10cc54f3525<br>
> X-Container-Read: test:tester3<br>> X-Container-Write: test:tester3<br>> <br>< HTTP/1.1 200 OK<br>< X-Container-Object-Count: 1<br>< X-Container-Bytes-Used: 29<br>< Content-Length: 10<br>< Content-Type: text/plain; charset=utf8<br>
< Date: Tue, 05 Apr 2011 10:11:01 GMT<br>testfile1<br>* Connection #0 to host 192.168.62.63 left intact<br>* Closing connection #0<br>[shashi@shashi samples]$ <br><br>[shashi@shashi samples]$ curl -v -H 'X-Storage-User: test:tester3' -H 'X-Storage-Pass: testing3' <a href="http://192.168.62.63:8080/auth/v1.0" target="_blank">http://192.168.62.63:8080/auth/v1.0</a><br>* About to connect() to 192.168.62.63 port 8080<br>
* Trying 192.168.62.63... connected<br>* Connected to 192.168.62.63 (192.168.62.63) port 8080<br>> GET /auth/v1.0 HTTP/1.1<br>> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.7a zlib/1.2.3 libidn/0.6.14<br>
> Host: <a href="http://192.168.62.63:8080/" target="_blank">192.168.62.63:8080</a><br>> Accept: */*<br>> X-Storage-User: test:tester3<br>> X-Storage-Pass: testing3<br>> <br>< HTTP/1.1 200 OK<br>< X-Storage-Url: <a href="http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a" target="_blank">http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a</a><br>
< X-Storage-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126<br>< X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126<br>< Content-Length: 112<br>< Date: Tue, 05 Apr 2011 10:11:16 GMT<br>Connection #0 to host 192.168.62.63 left intact<br>
* Closing connection #0<br>{"storage": {"default": "local", "local": "<a href="http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a" target="_blank">http://127.0.0.1:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a</a>"}}[shashi@shashi samples]$ <br>
<br>[shashi@shashi samples]$ curl -s -D - -H 'X-Auth-Token: AUTH_tk124a8a19ad7e49c5a04710716fd4f126' <a href="http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1/testfile1" target="_blank">http://192.168.62.63:8080/v1/AUTH_74ac0809-6c3f-4a0b-a6c8-6a664477b32a/container1/testfile1</a><br>
HTTP/1.1 403 Forbidden<br>Content-Length: 157<br>Content-Type: text/html; charset=UTF-8<br>Date: Tue, 05 Apr 2011 10:11:42 GMT<br><br><html><br> <head><br> <title>403 Forbidden</title><br> </head><br>
<body><br> <h1>403 Forbidden</h1><br> Access was denied to this resource.<br /><br /><br><br><br><br> </body><br></html>[shashi@shashi samples]$ <br>[shashi@shashi samples]$ <br>
<br>Thanks & Regards,<br>shashi<br><br><br><br><br><br><div class="gmail_quote">On Fri, Apr 1, 2011 at 6:32 PM, Greg Holt <span dir="ltr"><<a href="mailto:gholt@rackspace.com" target="_blank">gholt@rackspace.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div>On Apr 1, 2011, at 1:35 AM, shashidhar v wrote:<br>
<br>
> In the above script, the third user is tester3 (non admin) which is not allowed to create containers? Then what's the role of non-admin users created under swift, what operations they can perform?<br>
><br>
> Swift supports ACL or not and the containers/objects created by an admin user can be shared with non-admin user for at least downloading the objects?<br>
<br>
</div>Non-admin users can only perform operations per container based on the container’s X-Container-Read and X-Container-Write ACLs. With an admin account you could create a container for that non-admin user and set X-Container-Read: test:tester3 and X-Container-Write: test:tester3.<br>
<br>
These may explain more:<br>
<br>
<a href="http://swift.openstack.org/overview_auth.html" target="_blank">http://swift.openstack.org/overview_auth.html</a><br>
<a href="http://swift.openstack.org/misc.html#module-swift.common.middleware.acl" target="_blank">http://swift.openstack.org/misc.html#module-swift.common.middleware.acl</a><br>
<br>
</blockquote></div><br>
</blockquote></div><br></div></div></div></div></div></blockquote></div><br>
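<div>The thread turns on the fact that ACL headers sent on a GET are ignored, so a grant has to be confirmed from the headers the container itself returns. As an added example (not part of the thread and not Swift's middleware code), this simplified check parses two response heads copied from the thread and reports whether test:tester3 is actually named; the function names and the rule of skipping "."-prefixed entries are assumptions of this sketch.</div>

```python
# Added illustration: simplified check, not Swift's own ACL middleware.

# Response heads copied from the thread: the GET that carried the ACL
# request headers (10:11:01) and the later GET (12:57:49).
GET_WITH_ACL_HEADERS = """\
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Bytes-Used: 29
Content-Length: 10
Content-Type: text/plain; charset=utf8
Date: Tue, 05 Apr 2011 10:11:01 GMT
"""
LATER_GET = """\
HTTP/1.1 200 OK
X-Container-Object-Count: 1
X-Container-Read: test:tester3
X-Container-Bytes-Used: 29
Content-Length: 10
Content-Type: text/plain; charset=utf8
Date: Tue, 05 Apr 2011 12:57:49 GMT
"""

def parse_head(raw):
    """Return (status, headers) with header names lowercased."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def acl_principals(value):
    """Split an ACL value on commas; skip '.'-prefixed (referrer) entries."""
    entries = (e.strip() for e in (value or "").split(","))
    return {e for e in entries if e and not e.startswith(".")}

def audit_grant(raw, principal):
    """Report which ACL headers in this response actually name principal."""
    status, headers = parse_head(raw)
    return {
        "status": status,
        "read": principal in acl_principals(headers.get("x-container-read")),
        "write": principal in acl_principals(headers.get("x-container-write")),
    }

if __name__ == "__main__":
    for label, raw in (("GET with ACL headers", GET_WITH_ACL_HEADERS), ("later GET", LATER_GET)):
        print(label, audit_grant(raw, "test:tester3"))
```

<div>A 200 on the request that carried the ACL headers says nothing about the grant; only the flags derived from the returned container headers do. In the later response shown in the thread, only X-Container-Read is present.</div>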