Bug #63791
openRGW: a subuser with no permission can still list buckets and create buckets
0%
Description
Hi,
I just found out a subuser with no permission can still list buckets and create buckets. Is it a bug or a feature? Because as I know, this issue has been there for a long time
Updated by Casey Bodley over 2 years ago
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
Updated by hoan nv over 2 years ago
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
I have same problem.
From 14 ceph versions, ceph rgw can assign permission to s3 subuser. It is a helpful feature.
So if this feature can improve, it will be great.
Updated by Shreyansh Sancheti over 2 years ago
- Assignee set to Shreyansh Sancheti
Updated by Shreyansh Sancheti over 2 years ago
- Status changed from New to Need More Info
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
So a subuser with no permission should be able to do what operations? I mean it should not be able to list buckets and create new ones is that the request?.
Updated by hoan nv over 2 years ago
Shreyansh Sancheti wrote:
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
So a subuser with no permission should be able to do what operations? I mean it should not be able to list buckets and create new ones is that the request?.
subuser with no permission should not able to do anything.
Updated by Shreyansh Sancheti about 2 years ago
- Status changed from Need More Info to In Progress
Updated by Daniel Gryniewicz almost 2 years ago
- Status changed from In Progress to Fix Under Review
Updated by Casey Bodley almost 2 years ago
- Status changed from Fix Under Review to Resolved
Updated by hoan nv almost 2 years ago
This commit can be backported to quincy reef ?
Updated by Pierre Riteau almost 2 years ago
I believe this is also an issue for subusers with read permissions: they can still create buckets (at least on Quincy 17.2.6).
Updated by Konstantin Shalygin almost 2 years ago
- Status changed from Resolved to Pending Backport
- Target version set to v20.0.0
- Source set to Community (user)
- Backport set to quincy reef squid
Updated by Konstantin Shalygin almost 2 years ago
hoan nv wrote in #note-10:
This commit can be backported to quincy reef ?
I revert status from resolved, now is possible
Updated by Upkeep Bot almost 2 years ago
- Copied to Backport #65960: quincy: RGW: a subuser with no permission can still list buckets and create buckets added
Updated by Upkeep Bot almost 2 years ago
- Copied to Backport #65961: reef: RGW: a subuser with no permission can still list buckets and create buckets added
Updated by Upkeep Bot almost 2 years ago
- Copied to Backport #65962: squid: RGW: a subuser with no permission can still list buckets and create buckets added
Updated by Casey Bodley over 1 year ago
- Status changed from Pending Backport to New
- Pull request ID deleted (
55661)
https://github.com/ceph/ceph/pull/55661 was reverted as part of https://github.com/ceph/ceph/pull/54333, moving status back to New
Updated by J. Eric Ivancich about 1 year ago
Do we need to look at this again? A duplicate was just reported.
Updated by J. Eric Ivancich about 1 year ago
- Has duplicate Bug #69104: RGW: a subuser with no permission can still get and edit Versioning, object lock, cors on buckets added
Updated by Konstantin Shalygin about 1 year ago
- Backport changed from quincy reef squid to reef squid