I'm not totally sure about this, but you might have to use the project_id from keystone instead of the project_name when setting up acls.   The same may be true of user_id.  <br><br>Vish<div><br><div class="gmail_quote">
On Fri, May 11, 2012 at 12:51 AM, 张家龙 <span dir="ltr"><<a href="mailto:zhangjl@awcloud.com" target="_blank">zhangjl@awcloud.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>Hello, everyone.<br>    <br>    I encountered some problems when i set permissions (ACLs) on Openstack Swift containers.<br>    I installed swift-1.4.8(essex) and use keystone-2012.1 as authentication system on CentOS 6.2 .<br>
    <br>    My swift proxy-server.conf and keystone.conf are here:<br>    <span style="text-decoration:underline"><a href="http://pastebin.com/dUnHjKSj" target="_blank">http://pastebin.com/dUnHjKSj</a></span><br>    <br>    Then,I use the script named opensatck_essex_data.sh(<span style="text-decoration:underline"><a href="http://pastebin.com/LWGVZrK0" target="_blank">http://pastebin.com/LWGVZrK0</a></span>) to <br>
    initialize keystone.<br>    <br>    After these operations,I got the token of demo:demo and newuser:newuser<br>    <br>    <font><span style="font-style:italic">curl -s -H 'Content-type: application/json' \</span><br style="font-style:italic">
<span style="font-style:italic">    -d '{"auth": {"tenantName": "demo", "passwordCredentials": {"username": "demo", "password": "admin"}}}' \</span><br style="font-style:italic">
<span style="font-style:italic">    <a href="http://127.0.0.1:5000/v2.0/tokens" target="_blank">http://127.0.0.1:5000/v2.0/tokens</a> | python -mjson.tool</span></font><br>    <br>    <font style="font-style:italic" size="2">curl -s -H 'Content-type: application/json' \<br>
    -d '{"auth": {"tenantName": "newuser", "passwordCredentials": {"username": "newuser", "password": "admin"}}}' \<br>    <a href="http://127.0.0.1:5000/v2.0/tokens" target="_blank">http://127.0.0.1:5000/v2.0/tokens</a> | python -mjson.tool</font><br>
    <br>    Then,enable read access to newuser:newuser<br>    <br>    <font><span style="font-style:italic">curl –X PUT -i \</span><br style="font-style:italic"><span style="font-style:italic">    -H "X-Auth-Token: <token of demo:demo>" \</span><br style="font-style:italic">
<span style="font-style:italic">    -H "X-Container-Read: newuser:newuser" \</span><br style="font-style:italic"><span style="font-style:italic">    <a href="http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc" target="_blank">http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc</a></span></font><br>
    <br>    Check the permission of the container:<br>    <br>    <font><span style="font-style:italic">curl -k -v -H 'X-Auth-Token:<token of demo:demo>' \</span><br style="font-style:italic"><span style="font-style:italic">    <a href="http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc" target="_blank">http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc</a></span></font><br>
    <br>    This is the reply of the operation:<br>    <br>    <font><span style="font-style:italic">HTTP/1.1 200 OK</span><br style="font-style:italic"><span style="font-style:italic">    X-Container-Object-Count: 1</span><br style="font-style:italic">
<span style="font-style:italic">    X-Container-Read: newuser:newuser</span><br style="font-style:italic"><span style="font-style:italic">    X-Container-Bytes-Used: 2735</span><br style="font-style:italic"><span style="font-style:italic">    Accept-Ranges: bytes</span><br style="font-style:italic">
<span style="font-style:italic">    Content-Length: 24</span><br style="font-style:italic"><span style="font-style:italic">    Content-Type: text/plain; charset=utf-8</span><br style="font-style:italic"><span style="font-style:italic">    Date: Fri, 11 May 2012 07:30:23 GMT</span><br style="font-style:italic">
<br style="font-style:italic"><span style="font-style:italic">    opensatck_essex_data.sh</span></font><br>    <br>    Now,the user newuser:newuser visit the container of demo:demo<br>    <br>    <font><span style="font-style:italic">curl -k -v -H 'X-Auth-Token:<token of newuser:newuser>' \</span><br style="font-style:italic">
<span style="font-style:italic">    <a href="http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc" target="_blank">http://127.0.0.1:8080/v1/AUTH_f1723800c821453d9f22d42d1fbb334b/demodirc</a></span></font><br>
    <br>    While,I got <span style="color:rgb(255,0,0);font-weight:bold">403</span><span style="font-weight:bold"> </span>error.Can someone help me?<br><br><div><u></u><div style="color:#909090;font-family:Arial Narrow;font-size:12px">
------------------</div><div style="font-size:14px;font-family:Verdana"><div>
<div>Best Regards</div>
<div> </div>
<div>ZhangJialong</div> </div></div><u></u></div><div> </div><br>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to     : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help   : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>