swauth: why do different users in the same account have the same rights?

Asked by eugene lin

A group account is a shared container that all members of the group can read/write to.

I think that in the same account, some users should have read/write privilege and others only read privilege; that would be good.

Question information

Language: English
Status: Answered
For: OpenStack Object Storage (swift)
Assignee: No assignee
Christophe Le Guern (c35sys) said :
#1

It is possible using ACLs (http://swift.openstack.org/misc.html#acls)

For example, you create an admin user in an account:
# swauth-add-user -A http://<url>:8080/auth/ -K SETONEHERE -a account user1 pass

Then, you create a simple account:
# swauth-add-user -A http://<url>:8080/auth/ -K SETONEHERE account user2 pass

Upload something using user1 in container "mycontainer".

Then, add ACLs to this container:
# swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass post -r 'account:user2' mycontainer

Verify ACLs:
# swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass stat mycontainer
...
 Read ACL: account:user2
...

Then it should work:
# swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass list mycontainer

Hope this helps.

eugene lin (linyouqing7) said :
#2

Hi Christophe Le Guern,
Thank you for your help.
But I still have a question after following your instructions.

root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing list myfile
swift-demo.tar.gz
root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing stat myfile
  Account: AUTH_8fe9cbae-83bc-464a-a556-645108d7d36e
Container: myfile
  Objects: 1
    Bytes: 69048
 Read ACL: test:test2
Write ACL:
  Sync To:
 Sync Key:
Accept-Ranges: bytes

But test:test2 still has the right to upload objects to container myfile, so it seems the ACL didn't work.

root@localhost:~# swift -v -A https://192.168.1.87/auth/v1.0 -U test:test2 -K testing upload myfile swift-python-demo.tar.bz2
swift-python-demo.tar.bz2
root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing list myfile
swift-demo.tar.gz
swift-python-demo.tar.bz2

Christophe Le Guern (c35sys) said :
#3

How did you create "test:test2"?

Verify you didn't give "test:test2" the admin right (the -a option with swauth-add-user).
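
The check suggested in reply #3, as an added example that is not part of the original thread and is not swauth's own code: a simplified Python model of the access decision, run on the `swift stat` output posted in reply #2. It assumes a user created with -a is treated as account owner so container ACLs are not consulted; the function names are hypothetical.

```python
# Added illustration: simplified model of a swauth-style container access check.
# Not swauth source code; function names and structure are assumptions.

SAMPLE_STAT = """\
  Account: AUTH_8fe9cbae-83bc-464a-a556-645108d7d36e
Container: myfile
  Objects: 1
    Bytes: 69048
 Read ACL: test:test2
Write ACL:
"""  # `swift stat myfile` output as posted in reply #2

READ_METHODS = {"GET", "HEAD"}


def parse_stat(text):
    """Turn `swift stat` output into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def acl_entries(value):
    """Split a comma-separated ACL value into a set of entries."""
    return {e.strip() for e in value.split(",") if e.strip()}


def is_allowed(user, is_admin, method, stat):
    """Return True if `user` (account:user) may send `method` to the container."""
    if is_admin:
        # Assumption: an admin user (-a) owns the account; ACLs are skipped.
        return True
    key = "Read ACL" if method in READ_METHODS else "Write ACL"
    allowed = acl_entries(stat.get(key, ""))
    account = user.split(":", 1)[0]
    # An ACL entry may name one user (account:user) or a whole account.
    return user in allowed or account in allowed


if __name__ == "__main__":
    stat = parse_stat(SAMPLE_STAT)
    for admin in (False, True):
        for method in ("GET", "PUT"):
            print(f"test:test2 admin={admin} {method}:",
                  is_allowed("test:test2", admin, method, stat))
```

With the posted ACLs, a non-admin test:test2 is allowed GET but denied PUT, so the successful upload in reply #2 is consistent with test:test2 having been created with the admin flag.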
