Thanks all
David if you can explain how to create subusers with keys i happy to try
and explain to my boss.
The issue i had with the ACLs, for some reason when i upload a file, to
bucket_a with user_a
user_b cant read the file even tho user_b has read permissions on the
bucket.
And i tired what Adam said to set the ACLs
s3cmd setacl s3://bucket_name --acl-grant=read:someuser
s3cmd setacl s3://bucket_name --acl-grant=write:differentuser
but has no luck its like the object is locked to that user only, with what
ever permissions i set on the bucket it self
On Mon, Nov 6, 2017 at 4:43 PM, David Turner <drakonst...@gmail.com> wrote:
> If you don't mind juggling multiple access/secret keys, you can use
> subusers. Just have 1 user per bucket and create subusers with read,
> write, etc permissions. The objects are all owned by the 1 user that
> created the bucket, and then you pass around the subuser keys to the
> various apps that need that access to the bucket. It's not pretty, but it
> works without altering object permissions.
>
> On Mon, Nov 6, 2017 at 11:38 AM Adam C. Emerson <aemer...@redhat.com>
> wrote:
>
>> On 06/11/2017, nigel davies wrote:
>> > ok i am using Jewel vershion
>> >
>> > when i try setting permissions using s3cmd or an php script using
>> s3client
>> >
>> > i get the error
>> >
>> > <?xml version="1.0"
>> > encoding="UTF-8"?><Error><Code>InvalidArgument</Code><
>> BucketName>test_bucket</BucketName><RequestId>
>> > (truncated...)
>> > InvalidArgument (client): - <?xml version="1.0"
>> > encoding="UTF-8"?><Error><Code>InvalidArgument</Code><
>> BucketName>test_bucket</BucketName><RequestId>tx00000000
>> >
>> > 000000000000a-005a005b91-109f-default</RequestId><HostId>
>> 109f-default-default</HostId></Error>
>> >
>> >
>> >
>> > in the log on the s3 server i get
>> >
>> > 2017-11-06 12:54:41.987704 7f67a9feb700 0 failed to parse input: {
>> > "Version": "2012-10-17",
>> > "Statement": [
>> > {
>> > "Sid": "usr_upload_can_write",
>> > "Effect": "Allow",
>> > "Principal": {"AWS": ["arn:aws:iam:::user/test"]},
>> > "Action": ["s3:ListBucket", "s3:PutObject"],
>> > "Resource": ["arn:aws:s3:::test_bucket"]
>> > }
>> > 2017-11-06 12:54:41.988219 7f67a9feb700 1 ====== req done
>> > req=0x7f67a9fe57e0 op status=-22 http_status=400 ======
>> >
>> >
>> > Any advice on this one
>>
>> Well! If you upgrade to Luminous the advice I gave you will work
>> perfectly. Also Luminous has a bunch of awesome, wonderful new
>> features like Bluestore in it (and really what other enterprise
>> storage platform promises to color your data such a lovely hue?)
>>
>> But, if you can't, I think something like:
>>
>> s3cmd setacl s3://bucket_name --acl_grant=read:someuser
>> s3cmd setacl s3://bucket_name --acl_grant=write:differentuser
>>
>> Should work. Other people than I know a lot more about ACLs.
>>
>> --
>> Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US
>> IRC: Aemerson@OFTC, Actinic@Freenode
>> 0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@lists.ceph.com
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>>
>
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
