In my case, I want to set access permissions to all the users except for this user "tester3" and according to the documentation "-" is to be prefixed to deny access to the user. But even after setting the "-" for the user "tester3", read access is granted to it. Can anyone who has used it provide some inputs.
On Fri, Dec 16, 2011 at 4:29 AM, pf shineyear <shin...@gmail.com> wrote: > if u set .r:* all user can GET, so try to not set .r:* just set > .r:-test:tester3 is enough > > > On Fri, Dec 16, 2011 at 12:19 AM, Mohammed Junaid <mohdjunaid...@gmail.com > > wrote: > >> Hi All, >> >> I am testing acl support in swift-1.4.5. According to the document >> http://swift.openstack.org/misc.html#module-swift.common.middleware.acl the >> syntax to allow all non-admin users read access to the container except for >> one is as following. >> >> Executing the curl following curl command from an admin user. >> curl -v -X POST -H 'X-Auth-Token: >> AUTH_tkea3fdbf40e5b40708a51db0377be3f47' >> http://127.0.0.1:8080/v1/AUTH_test/cont -H 'X-Container-Read: >> .r:*,.rlistings,.r:-test:tester3' >> >> curl -v -X HEAD -H 'X-Auth-Token: >> AUTH_tkea3fdbf40e5b40708a51db0377be3f47' >> http://127.0.0.1:8080/v1/AUTH_test/cont >> *About to connect() to 127.0.0.1 port 8080 (#0) >> * Trying 127.0.0.1... connected >> * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0) >> > HEAD /v1/AUTH_test/cont HTTP/1.1 >> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ >> 3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2 >> > Host: 127.0.0.1:8080\ >> > Accept: >> > X-Auth-Token: AUTH_tkea3fdbf40e5b40708a51db0377be3f47 >> > >> < HTTP/1.1 204 No Content >> < X-Container-Object-Count: 10 >> < X-Container-Read: .r:*,.rlistings,.r:-test:tester3 >> < X-Container-Bytes-Used: 100000000 >> < Accept-Ranges: bytes >> < Content-Length: 0 >> < Date: Thu, 15 Dec 2011 18:38:25 GMT >> < >> * Connection #0 to host 127.0.0.1 left intact >> * Closing connection #0 >> -- >> >> But GET operations still succeed for the user tester3. What else is >> required to make the swift-server deny this user from doing GET operations. >> Thanks in advance. >> >> regards, >> Junaid >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp >> >> > -- regards, Junaid
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp