Project

General

Profile

Bug #19027

multisite: EPERM when trying to read SLO objects as system/admin user

Added by Casey Bodley 7 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
-
Start date:
02/21/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
jewel kraken
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Release:
Needs Doc:
No

Description

RGWGetObj::read_user_manifest_part() calls verify_object_permission() on each SLO segment, but doesn't take the user's system/admin status into account. So when another zone tries to fetch the object as a system user, the request is denied with 403: Forbidden.


Related issues

Copied to rgw - Backport #19474: jewel: multisite: EPERM when trying to read SLO objects as system/admin user Resolved
Copied to rgw - Backport #19475: kraken: rgw: multisite: EPERM when trying to read SLO objects as system/admin user Resolved

History

#1 Updated by Casey Bodley 7 months ago

  • Status changed from New to Need Review

#2 Updated by Casey Bodley 6 months ago

  • Status changed from Need Review to Pending Backport

#3 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #19474: jewel: multisite: EPERM when trying to read SLO objects as system/admin user added

#4 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #19475: kraken: rgw: multisite: EPERM when trying to read SLO objects as system/admin user added

#5 Updated by Nathan Cutler 3 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF