Bug #38523
closed
I can delete a public-read-write bucket which is belong to other user, is this right?
Added by liang sibin about 5 years ago.
Updated about 5 years ago.
Description
I can delete a public-read-write bucket which is belong to other user,But the below table definition is can write or delete objects in the bucket.
So is this right?
Permission Bucket Object
READ Grantee can list the objects in the bucket. Grantee can read the object.
WRITE Grantee can write or delete objects in the bucket. N/A
READ_ACP Grantee can read bucket ACL. Grantee can read the object ACL.
WRITE_ACP Grantee can write bucket ACL. Grantee can write to the object ACL.
FULL_CONTROL Grantee has full permissions for object in the bucket. Grantee can read or write to the object ACL.
ceph -v
ceph version 12.2.5 (cad919881333ac92274171586c827e01f554a70a) luminous (stable)
- Assignee set to Adam Emerson
aemerson, can you comment?
Matt
- Status changed from New to In Progress
- Target version set to v15.0.0
- Source set to Community (user)
This is the correct behavior, but I'll update the documentation with the exact mapping between S3 operations and ACL permissions.
Amazon considers ACLs deprecated and suggests the use of bucket policy. It lets you specify much finer control over exactly which operations are supported.
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 26827
- Status changed from Fix Under Review to Pending Backport
- Backport set to luminous mimic
- Copied to Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? added
- Copied to Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? added
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF