* rgw: how to prevent rgw user from creating a new bucket?
@ 2016-12-02 11:18 Yang Joseph
[not found] ` <584158A2.9020303-/BaA95PH9wJWk0Htik3J/w@public.gmane.org>
0 siblings, 1 reply; 3+ messages in thread
From: Yang Joseph @ 2016-12-02 11:18 UTC (permalink / raw)
To: ceph-devel; +Cc: ceph-users-idqoXFIVOFJgJs9I8MT0rw, Javen Wu
Hello,
I would like only to allow the user to read the object in a already
existed bucket, and not allow users
to create new bucket. It supposed to execute the following command:
$ radosgw-admin metadata put user:test3 < ...
...
"caps": [
{
"type": "buckets",
"perm": "read"
}
But why user test3 can still create new bucket after I have set its caps
to "buckets=read"?
thx,
Yang Honggang
^ permalink raw reply [flat|nested] 3+ messages in thread[parent not found: <584158A2.9020303-/BaA95PH9wJWk0Htik3J/w@public.gmane.org>]
* Re: rgw: how to prevent rgw user from creating a new bucket? [not found] ` <584158A2.9020303-/BaA95PH9wJWk0Htik3J/w@public.gmane.org> @ 2016-12-02 16:13 ` Yehuda Sadeh-Weinraub 2016-12-05 3:01 ` [ceph-users] " Yang Joseph 0 siblings, 1 reply; 3+ messages in thread From: Yehuda Sadeh-Weinraub @ 2016-12-02 16:13 UTC (permalink / raw) To: Yang Joseph Cc: ceph-devel, Javen Wu, ceph-users-idqoXFIVOFJgJs9I8MT0rw@public.gmane.org On Fri, Dec 2, 2016 at 3:18 AM, Yang Joseph <joseph.yang-/BaA95PH9wJWk0Htik3J/w@public.gmane.org> wrote: > Hello, > > I would like only to allow the user to read the object in a already existed > bucket, and not allow users > to create new bucket. It supposed to execute the following command: > > $ radosgw-admin metadata put user:test3 < ... > ... > "caps": [ > { > "type": "buckets", > "perm": "read" > } > > But why user test3 can still create new bucket after I have set its caps to > "buckets=read"? > Because this cap is unrelated. iirc starting at jewel you can do: $ radosgw-admin user modify --uid=test3 --max-buckets=-1 Yehuda ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [ceph-users] rgw: how to prevent rgw user from creating a new bucket? 2016-12-02 16:13 ` Yehuda Sadeh-Weinraub @ 2016-12-05 3:01 ` Yang Joseph 0 siblings, 0 replies; 3+ messages in thread From: Yang Joseph @ 2016-12-05 3:01 UTC (permalink / raw) To: Yehuda Sadeh-Weinraub; +Cc: ceph-devel, ceph-users@lists.ceph.com, Javen Wu Thank you very much for your response. I‘m confused about what this cap related to? On 12/03/2016 12:13 AM, Yehuda Sadeh-Weinraub wrote: > On Fri, Dec 2, 2016 at 3:18 AM, Yang Joseph <joseph.yang@xtaotech.com> wrote: >> Hello, >> >> I would like only to allow the user to read the object in a already existed >> bucket, and not allow users >> to create new bucket. It supposed to execute the following command: >> >> $ radosgw-admin metadata put user:test3 < ... >> ... >> "caps": [ >> { >> "type": "buckets", >> "perm": "read" >> } >> >> But why user test3 can still create new bucket after I have set its caps to >> "buckets=read"? >> > > Because this cap is unrelated. iirc starting at jewel you can do: > > $ radosgw-admin user modify --uid=test3 --max-buckets=-1 > > Yehuda > -- > To unsubscribe from this list: send the line "unsubscribe ceph-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-12-05 3:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-02 11:18 rgw: how to prevent rgw user from creating a new bucket? Yang Joseph
[not found] ` <584158A2.9020303-/BaA95PH9wJWk0Htik3J/w@public.gmane.org>
2016-12-02 16:13 ` Yehuda Sadeh-Weinraub
2016-12-05 3:01 ` [ceph-users] " Yang Joseph
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.