Bug #38523
I can delete a public-read-write bucket which is belong to other user, is this right?
0%
Description
I can delete a public-read-write bucket which is belong to other user,But the below table definition is can write or delete objects in the bucket.
So is this right?
Permission Bucket Object
READ Grantee can list the objects in the bucket. Grantee can read the object.
WRITE Grantee can write or delete objects in the bucket. N/A
READ_ACP Grantee can read bucket ACL. Grantee can read the object ACL.
WRITE_ACP Grantee can write bucket ACL. Grantee can write to the object ACL.
FULL_CONTROL Grantee has full permissions for object in the bucket. Grantee can read or write to the object ACL.
Related issues
History
#1 Updated by liang sibin about 5 years ago
ceph -v
ceph version 12.2.5 (cad919881333ac92274171586c827e01f554a70a) luminous (stable)
#2 Updated by Casey Bodley about 5 years ago
- Assignee set to Adam Emerson
#3 Updated by Matt Benjamin about 5 years ago
aemerson, can you comment?
Matt
#4 Updated by Adam Emerson about 5 years ago
- Status changed from New to In Progress
- Target version set to v15.0.0
- Source set to Community (user)
This is the correct behavior, but I'll update the documentation with the exact mapping between S3 operations and ACL permissions.
Amazon considers ACLs deprecated and suggests the use of bucket policy. It lets you specify much finer control over exactly which operations are supported.
#5 Updated by Adam Emerson about 5 years ago
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 26827
Documentation updated in: https://github.com/ceph/ceph/pull/26827
#6 Updated by Casey Bodley about 5 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport set to luminous mimic
#7 Updated by Nathan Cutler about 5 years ago
- Copied to Backport #38667: luminous: I can delete a public-read-write bucket which is belong to other user, is this right? added
#8 Updated by Nathan Cutler about 5 years ago
- Copied to Backport #38668: mimic: I can delete a public-read-write bucket which is belong to other user, is this right? added
#9 Updated by Nathan Cutler about 5 years ago
- Status changed from Pending Backport to Resolved