Project

General

Profile

Actions
Copy link

Bug #3450

closed

WRITE permission only doesn't allow proper multi-part upload

Added by Sylvain Munaut over 11 years ago. Updated almost 11 years ago.

Status:
Won't Fix
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

In our setup we have a user who only has write permission on a bucket and we wanted to use multi-part uploads.
The problem is that before the finalize of the upload the library checks the upload status of the various parts and that goes through the RGWListMultipart which requires the READ rights.

To me it doesn't seem to make a lot of sense because that api only lists 'meta data' about the WRITE operation itself and so the user should still be able to do it.

We applied the attached patch for it to work as we expect. The downside is that WRITE users can query the status of any upload if they know the uploadID but that seems about as likely as guessing the signature ...

Files

ceph-fix-multipart-upload-for-write-only-users.diff (684 Bytes) ceph-fix-multipart-upload-for-write-only-users.diff Proposed patch Sylvain Munaut, 11/07/2012 04:24 AM

Related issues 1 (1 open0 closed)

Related to rgw - Feature #4432: Develop plan for multi-user / multi-tenancyNeed More Info03/13/2013

Actions
Actions
Copy link

Also available in: Atom PDF