Privacy concern: Reseller admins being able to manipulate files from every account

asked 2011-04-26 13:03:29 -0500

rostik-2000

Once a reseller admin knows the URL of a storage account, he gets total control over the files of that account (read files, delete files, etc.).

At the very least, this violates the privacy of the users who store their files in Swift.

Of course, sensitive information might have been encrypted before being added to Swift, but I still wonder whether there was any reason to give such huge permissions to reseller admins?


2 answers


answered 2011-04-27 13:21:09 -0500

rostik-2000

By the way, the documentation does not mention the fact that reseller admins have such broad permissions. It is only stated that "Admin users can do anything within the account." However, Reseller Admins can do anything within ANY account.


answered 2011-05-09 20:16:13 -0500

gholt

It is true that, with Swauth, reseller admins can do anything with any account (within the realm of that Swauth setup, which usually means within the realm of a single reseller_prefix).

There is a reseller_prefix in the config that defaults to AUTH, but can be set to anything, so you can separate different resellers with multiple Swauths with different reseller_prefix settings.

A reseller admin in this context is someone who very well may need to fix a user's account for them, migrate their data, etc. etc.

Any auth system can be made for Swift; Swauth is just an example.

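The scoping described in the answer above, as an added example that is not part of the original thread and is not Swauth's code: a simplified Python model of prefix-scoped authorization, showing how far a reseller admin's access reaches and how a second reseller_prefix bounds it. The class and function names, the `.reseller_admin` group marker, the `/v1/<account>/...` path layout and the sample accounts are assumptions of this model.

```python
# Simplified model of prefix-scoped authorization (added example, not Swauth's code).
from dataclasses import dataclass

RESELLER_ADMIN = ".reseller_admin"  # group marker; an assumption of this model


@dataclass(frozen=True)
class Identity:
    name: str
    groups: frozenset  # account names the user administers, plus role markers


class AuthRealm:
    """One auth deployment, responsible for a single reseller_prefix."""

    def __init__(self, reseller_prefix="AUTH"):
        # Normalise to the "PREFIX_" form that starts every account name.
        self.prefix = reseller_prefix.rstrip("_") + "_"

    @staticmethod
    def account_from_path(path):
        # Assumed storage path layout: /v1/<account>[/<container>[/<object>]]
        parts = path.lstrip("/").split("/", 3)
        if len(parts) < 2 or parts[0] != "v1" or not parts[1]:
            return None
        return parts[1]

    def authorize(self, identity, path):
        account = self.account_from_path(path)
        # Accounts outside this realm's prefix are never granted here,
        # and the bare prefix is not a real account.
        if not account or not account.startswith(self.prefix) or account == self.prefix:
            return False
        # Reseller admin: every account under the prefix.
        if RESELLER_ADMIN in identity.groups:
            return True
        # Account admin: only the accounts named in the user's groups.
        return account in identity.groups


def reachable(realm, identity, paths):
    """Return the subset of paths the identity is authorized for in this realm."""
    return [p for p in paths if realm.authorize(identity, p)]


# Constructed sample data: two accounts under AUTH_, one under a second prefix.
PATHS = ["/v1/AUTH_alice/photos/a.jpg", "/v1/AUTH_bob/docs/b.txt", "/v1/RESB_carol/c/d"]

if __name__ == "__main__":
    ops = Identity("ops", frozenset({RESELLER_ADMIN}))
    alice = Identity("alice", frozenset({"AUTH_alice"}))
    print("reseller admin, AUTH realm:", reachable(AuthRealm("AUTH"), ops, PATHS))
    print("account admin, AUTH realm: ", reachable(AuthRealm("AUTH"), alice, PATHS))
```

In this model the only boundary on a reseller admin is the prefix check, so the number of accounts sharing one reseller_prefix is the number of accounts that role can reach.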

Stats

Asked: 2011-04-26 13:03:29 -0500

Seen: 95 times

Last updated: May 09 '11