[Openstack] swift acl's
Mohammed Junaid
mohdjunaid.54 at gmail.com
Fri Dec 16 06:02:12 UTC 2011
In my case, I want to set access permissions to all the users except for
this user "tester3" and according to the documentation "-" is to be
prefixed to deny access to the user. But even after setting the "-" for the
user "tester3", read access is granted to it. Can anyone who has used it
provide some inputs.
On Fri, Dec 16, 2011 at 4:29 AM, pf shineyear <shinepf at gmail.com> wrote:
> if u set .r:* all user can GET, so try to not set .r:* just set
> .r:-test:tester3 is enough
>
>
> On Fri, Dec 16, 2011 at 12:19 AM, Mohammed Junaid <mohdjunaid.54 at gmail.com
> > wrote:
>
>> Hi All,
>>
>> I am testing acl support in swift-1.4.5. According to the document
>> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the
>> syntax to allow all non-admin users read access to the container except for
>> one is as following.
>>
>> Executing the curl following curl command from an admin user.
>> curl -v -X POST -H 'X-Auth-Token:
>> AUTH_tkea3fdbf40e5b40708a51db0377be3f47'
>> http://127.0.0.1:8080/v1/AUTH_test/cont -H 'X-Container-Read:
>> .r:*,.rlistings,.r:-test:tester3'
>>
>> curl -v -X HEAD -H 'X-Auth-Token:
>> AUTH_tkea3fdbf40e5b40708a51db0377be3f47'
>> http://127.0.0.1:8080/v1/AUTH_test/cont
>> *About to connect() to 127.0.0.1 port 8080 (#0)
>> * Trying 127.0.0.1... connected
>> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
>> > HEAD /v1/AUTH_test/cont HTTP/1.1
>> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/
>> 3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
>> > Host: 127.0.0.1:8080\
>> > Accept:
>> > X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47
>> >
>> < HTTP/1.1 204 No Content
>> < X-Container-Object-Count: 10
>> < X-Container-Read: .r:*,.rlistings,.r:-test:tester3
>> < X-Container-Bytes-Used: 100000000
>> < Accept-Ranges: bytes
>> < Content-Length: 0
>> < Date: Thu, 15 Dec 2011 18:38:25 GMT
>> <
>> * Connection #0 to host 127.0.0.1 left intact
>> * Closing connection #0
>> --
>>
>> But GET operations still succeed for the user tester3. What else is
>> required to make the swift-server deny this user from doing GET operations.
>> Thanks in advance.
>>
>> regards,
>> Junaid
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
--
regards,
Junaid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20111216/d9ca18b8/attachment.html>
More information about the Openstack
mailing list