Bug #38523

I can delete a public-read-write bucket which belongs to another user, is this right?

Added by liang sibin about 5 years ago. Updated about 5 years ago.

Status: Resolved
Priority: Normal
Assignee:
Target version:
% Done: 0%
Source: Community (user)
Tags:
Backport: luminous mimic
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

I can delete a public-read-write bucket which belongs to another user, but the definition in the table below is that the grantee can write or delete objects in the bucket.
So is this right?
| Permission | Bucket | Object |
|---|---|---|
| READ | Grantee can list the objects in the bucket. | Grantee can read the object. |
| WRITE | Grantee can write or delete objects in the bucket. | N/A |
| READ_ACP | Grantee can read bucket ACL. | Grantee can read the object ACL. |
| WRITE_ACP | Grantee can write bucket ACL. | Grantee can write to the object ACL. |
| FULL_CONTROL | Grantee has full permissions for object in the bucket. | Grantee can read or write to the object ACL. |


Related issues

Copied to rgw - Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? Resolved
Copied to rgw - Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? Resolved

History

#1 Updated by liang sibin about 5 years ago

ceph -v
ceph version 12.2.5 (cad919881333ac92274171586c827e01f554a70a) luminous (stable)

#2 Updated by Casey Bodley about 5 years ago

  • Assignee set to Adam Emerson

#3 Updated by Matt Benjamin about 5 years ago

aemerson, can you comment?

Matt

#4 Updated by Adam Emerson about 5 years ago

  • Status changed from New to In Progress
  • Target version set to v15.0.0
  • Source set to Community (user)

This is the correct behavior, but I'll update the documentation with the exact mapping between S3 operations and ACL permissions.

Amazon considers ACLs deprecated and suggests the use of bucket policy. It lets you specify much finer control over exactly which operations are supported.
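
Added example (not part of the ticket or of Ceph's code): since the behaviour confirmed above means a WRITE grant on a bucket also allows deleting that bucket, an operator may want to find buckets whose ACL gives WRITE or FULL_CONTROL to a public group. The input is assumed to have the shape of an S3 GetBucketAcl response as returned by boto3; the bucket names and ACLs are constructed sample data, and the function names are hypothetical.

```python
# Added example: flag bucket ACL grants that give bucket WRITE to a public group.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anonymous", AUTH_USERS: "any authenticated user"}

# Permissions that include bucket WRITE. Per this ticket, in RGW a bucket WRITE
# grant also lets the grantee delete the bucket itself.
WRITE_LIKE = {"WRITE", "FULL_CONTROL"}


def risky_grants(bucket, acl):
    """Return one finding per public write-capable grant in a GetBucketAcl-shaped dict."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and who and grant.get("Permission") in WRITE_LIKE:
            findings.append({"bucket": bucket, "grantee": who,
                             "permission": grant["Permission"]})
    return findings


def audit(acls):
    """Audit a mapping of bucket name -> ACL dict; results are ordered by bucket name."""
    out = []
    for bucket in sorted(acls):
        out.extend(risky_grants(bucket, acls[bucket]))
    return out


def _owner():
    # Constructed owner grant, present in every sample ACL below.
    return {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"}


# Constructed sample ACLs (not real buckets).
SAMPLE_ACLS = {
    "shared-uploads": {"Grants": [  # canned ACL public-read-write
        _owner(),
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"}]},
    "reports": {"Grants": [  # canned ACL public-read: readable, not flagged
        _owner(),
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    "team-data": {"Grants": [
        _owner(),
        {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "FULL_CONTROL"}]},
}

if __name__ == "__main__":
    for f in audit(SAMPLE_ACLS):
        print(f"{f['bucket']}: {f['grantee']} has {f['permission']} (can delete the bucket)")
```
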

#5 Updated by Adam Emerson about 5 years ago

  • Status changed from In Progress to Fix Under Review
  • Pull request ID set to 26827

Documentation updated in: https://github.com/ceph/ceph/pull/26827

#6 Updated by Casey Bodley about 5 years ago

  • Status changed from Fix Under Review to Pending Backport
  • Backport set to luminous mimic

#7 Updated by Nathan Cutler about 5 years ago

  • Copied to Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? added

#8 Updated by Nathan Cutler about 5 years ago

  • Copied to Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? added

#9 Updated by Nathan Cutler about 5 years ago

  • Status changed from Pending Backport to Resolved
