Hi All, I am testing acl support in swift-1.4.5. According to the document http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the syntax to allow all non-admin users read access to the container except for one is as following.
Executing the curl following curl command from an admin user. curl -v -X POST -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47' http://127.0.0.1:8080/v1/AUTH_test/cont -H 'X-Container-Read: .r:*,.rlistings,.r:-test:tester3' curl -v -X HEAD -H 'X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47' http://127.0.0.1:8080/v1/AUTH_test/cont *About to connect() to 127.0.0.1 port 8080 (#0) * Trying 127.0.0.1... connected * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0) > HEAD /v1/AUTH_test/cont HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ 3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2 > Host: 127.0.0.1:8080\ > Accept: > X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47 > < HTTP/1.1 204 No Content < X-Container-Object-Count: 10 < X-Container-Read: .r:*,.rlistings,.r:-test:tester3 < X-Container-Bytes-Used: 100000000 < Accept-Ranges: bytes < Content-Length: 0 < Date: Thu, 15 Dec 2011 18:38:25 GMT < * Connection #0 to host 127.0.0.1 left intact * Closing connection #0 -- But GET operations still succeed for the user tester3. What else is required to make the swift-server deny this user from doing GET operations. Thanks in advance. regards, Junaid
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp