Ask Your Question
0

swauth why different user in the same account have same rights?

asked 2011-09-30 09:08:20 -0500

linyouqing7 gravatar image

A group account is a shared container that all members of the group can read/write to.

I think in a same account ,some users should have read/write privilege , others only have read privilege, it's will be good .

edit retag flag offensive close merge delete

3 answers

Sort by » oldest newest most voted
0

answered 2011-10-07 16:57:54 -0500

c35sys gravatar image

How did you create "test:test2" ?

Verify you didn't give "test:test2" the admin right (the -a option with swauth-add-user).

edit flag offensive delete link more
0

answered 2011-09-30 10:27:23 -0500

c35sys gravatar image

It is possible using ACLs ( http://swift.openstack.org/misc.html#acls (http://swift.openstack.org/misc.html#...) )

For example, you create a admin user in an account: # swauth-add-user -A http://<url>:8080/auth/ -K SETONEHERE -a account user1 pass

Then, you create a simple account:

swauth-add-user -A http://<url>:8080/auth/ -K SETONEHERE account user2 pass

Upload something using user1 in container "mycontainer".

Then, add ACLs to this container:

swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass post -r 'account:user2' mycontainer

Verify ACLs:

swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass stat mycontainer

... Read ACL: account:user2 ...

Then it should work:

swift -v -A http://<url>:8080/auth/v1.0 -U account:user1 -K pass list mycontainer

Hope this helps.

edit flag offensive delete link more
0

answered 2011-10-07 14:14:28 -0500

linyouqing7 gravatar image

Hi Christophe Le Guern Thank you for help. but i still have question while follow your institution

root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing list myfile swift-demo.tar.gz root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing stat myfile Account: AUTH_8fe9cbae-83bc-464a-a556-645108d7d36e Container: myfile Objects: 1 Bytes: 69048 Read ACL: test:test2 Write ACL: Sync To: Sync Key: Accept-Ranges: bytes

but the test:test2 still have right to upload objects in container myfile , it's seem acl didn't work.

root@localhost:~# swift -v -A https://192.168.1.87/auth/v1.0 -U test:test2 -K testing upload myfile swift-python-demo.tar.bz2 swift-python-demo.tar.bz2 root@localhost:~# swift -A https://192.168.1.87/auth/v1.0 -U test:tester -K testing list myfile swift-demo.tar.gz swift-python-demo.tar.bz2

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-09-30 09:08:20 -0500

Seen: 73 times

Last updated: Oct 07 '11