Project

General

Profile

Bug #38523

I can delete a public-read-write bucket which is belong to other user, is this right?

Added by liang sibin 6 months ago. Updated 5 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
Start date:
03/01/2019
Due date:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
luminous mimic
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

I can delete a public-read-write bucket which is belong to other user,But the below table definition is can write or delete objects in the bucket.
So is this right?
Permission Bucket Object
READ Grantee can list the objects in the bucket. Grantee can read the object.
WRITE Grantee can write or delete objects in the bucket. N/A
READ_ACP Grantee can read bucket ACL. Grantee can read the object ACL.
WRITE_ACP Grantee can write bucket ACL. Grantee can write to the object ACL.
FULL_CONTROL Grantee has full permissions for object in the bucket. Grantee can read or write to the object ACL.


Related issues

Copied to rgw - Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? Resolved
Copied to rgw - Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? Resolved

History

#1 Updated by liang sibin 6 months ago

ceph -v
ceph version 12.2.5 (cad919881333ac92274171586c827e01f554a70a) luminous (stable)

#2 Updated by Casey Bodley 6 months ago

  • Assignee set to Adam Emerson

#3 Updated by Matt Benjamin 6 months ago

aemerson, can you comment?

Matt

#4 Updated by Adam Emerson 6 months ago

  • Status changed from New to In Progress
  • Target version set to v15.0.0
  • Source set to Community (user)

This is the correct behavior, but I'll update the documentation with the exact mapping between S3 operations and ACL permissions.

Amazon considers ACLs deprecated and suggests the use of bucket policy. It lets you specify much finer control over exactly which operations are supported.

#5 Updated by Adam Emerson 6 months ago

  • Status changed from In Progress to Need Review
  • Pull request ID set to 26827

Documentation updated in: https://github.com/ceph/ceph/pull/26827

#6 Updated by Casey Bodley 6 months ago

  • Status changed from Need Review to Pending Backport
  • Backport set to luminous mimic

#7 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? added

#8 Updated by Nathan Cutler 6 months ago

  • Copied to Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? added

#9 Updated by Nathan Cutler 5 months ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF