Bug #63791
closedRGW: a subuser with no permission can still list buckets and create buckets
0%
Description
Hi,
I just found out a subuser with no permission can still list buckets and create buckets. Is it a bug or a feature? Because as I know, this issue has been there for a long time
Updated by Casey Bodley 5 months ago
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
Updated by hoan nv 5 months ago
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
I have same problem.
From 14 ceph versions, ceph rgw can assign permission to s3 subuser. It is a helpful feature.
So if this feature can improve, it will be great.
Updated by Shreyansh Sancheti 4 months ago
- Status changed from New to Need More Info
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
So a subuser with no permission should be able to do what operations? I mean it should not be able to list buckets and create new ones is that the request?.
Updated by hoan nv 4 months ago
Shreyansh Sancheti wrote:
Casey Bodley wrote:
is this with s3? subusers were invented for swift, so the interactions with s3 have never been well-defined
So a subuser with no permission should be able to do what operations? I mean it should not be able to list buckets and create new ones is that the request?.
subuser with no permission should not able to do anything.
Updated by Shreyansh Sancheti 4 months ago
- Status changed from Need More Info to In Progress
Updated by Daniel Gryniewicz 28 days ago
- Status changed from In Progress to Fix Under Review
Updated by Casey Bodley 22 days ago
- Status changed from Fix Under Review to Resolved
Updated by Pierre Riteau 7 days ago
I believe this is also an issue for subusers with read permissions: they can still create buckets (at least on Quincy 17.2.6).