If you don't mind juggling multiple access/secret keys, you can use subusers. Just have 1 user per bucket and create subusers with read, write, etc permissions. The objects are all owned by the 1 user that created the bucket, and then you pass around the subuser keys to the various apps that need that access to the bucket. It's not pretty, but it works without altering object permissions.
On Mon, Nov 6, 2017 at 11:38 AM Adam C. Emerson <aemer...@redhat.com> wrote: > On 06/11/2017, nigel davies wrote: > > ok i am using Jewel vershion > > > > when i try setting permissions using s3cmd or an php script using > s3client > > > > i get the error > > > > <?xml version="1.0" > > > encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId> > > (truncated...) > > InvalidArgument (client): - <?xml version="1.0" > > > encoding="UTF-8"?><Error><Code>InvalidArgument</Code><BucketName>test_bucket</BucketName><RequestId>tx00000000 > > > > > 000000000000a-005a005b91-109f-default</RequestId><HostId>109f-default-default</HostId></Error> > > > > > > > > in the log on the s3 server i get > > > > 2017-11-06 12:54:41.987704 7f67a9feb700 0 failed to parse input: { > > "Version": "2012-10-17", > > "Statement": [ > > { > > "Sid": "usr_upload_can_write", > > "Effect": "Allow", > > "Principal": {"AWS": ["arn:aws:iam:::user/test"]}, > > "Action": ["s3:ListBucket", "s3:PutObject"], > > "Resource": ["arn:aws:s3:::test_bucket"] > > } > > 2017-11-06 12:54:41.988219 7f67a9feb700 1 ====== req done > > req=0x7f67a9fe57e0 op status=-22 http_status=400 ====== > > > > > > Any advice on this one > > Well! If you upgrade to Luminous the advice I gave you will work > perfectly. Also Luminous has a bunch of awesome, wonderful new > features like Bluestore in it (and really what other enterprise > storage platform promises to color your data such a lovely hue?) > > But, if you can't, I think something like: > > s3cmd setacl s3://bucket_name --acl_grant=read:someuser > s3cmd setacl s3://bucket_name --acl_grant=write:differentuser > > Should work. Other people than I know a lot more about ACLs. > > -- > Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US > IRC: Aemerson@OFTC, Actinic@Freenode > 0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9 > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com