[Openstack] swift acl's

Mohammed Junaid mohdjunaid.54 at gmail.com
Thu Dec 15 13:19:53 UTC 2011

Hi All,

I am testing acl support in swift-1.4.5. According to the document
http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the
syntax to allow all non-admin users read access to the container except for
one is as following.

Executing the curl following curl command from an admin user.
curl -v -X POST -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47' -H 'X-Container-Read:

curl -v -X HEAD -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47'
*About to connect() to port 8080 (#0)
* Trying connected
* Connected to ( port 8080 (#0)
> HEAD /v1/AUTH_test/cont HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host:\
> Accept:
> X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47
< HTTP/1.1 204 No Content
< X-Container-Object-Count: 10
< X-Container-Read: .r:*,.rlistings,.r:-test:tester3
< X-Container-Bytes-Used: 100000000
< Accept-Ranges: bytes
< Content-Length: 0
< Date: Thu, 15 Dec 2011 18:38:25 GMT
* Connection #0 to host left intact
* Closing connection #0

But GET operations still succeed for the user tester3. What else is
required to make the swift-server deny this user from doing GET operations.
Thanks in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20111215/ea1b346e/attachment.html>

More information about the Openstack mailing list