Ask Your Question
0

Is there a way to allow a non-admin user to list objects within a container?

asked 2011-06-24 12:18:14 -0500

irmatov gravatar image

Let's say a have an account 'myaccount', admin user 'root' within that account and ordinary user 'joe'. Admin grants public access to container 'myfiles' and write access to user 'joe':

st -A ... -U myaccount:admin -K ... post -r '.r:*' -w 'myaccount:joe' myfiles

User 'joe' can successfully upload files to that container. But he cannot list objects within this container (st list myfiles gives 403 Forbidden). Is there a possibility to grant him such ability?

P.S. I am using Swift 1.3.0 Cactus

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
0

answered 2011-06-27 11:59:18 -0500

btorch gravatar image

Sarkor, I believe that if you give the container only "X-Container-Read: .r:*,.rlistings" , it will make it public and allow object listing.

edit flag offensive delete link more
0

answered 2011-06-27 13:01:56 -0500

irmatov gravatar image

Thanks Marcelo Martins, that solved my question.

edit flag offensive delete link more
0

answered 2011-06-26 14:50:07 -0500

btorch gravatar image

Hi Timur,

I have tested this on 1.3 and seems to work fine. Here it what I have done in order to allow the listing.

stackusers = the account where I have one admin user and one regular user

  • Using the admin account I set the X-Container-Read for the container as shown below: curl -i -H "TOKEN" -H "X-Container-Read: .r:*,stakusers,.rlistings" -X POST URL/container1

Then I was able to do a listing with the regular user account

Ref: http://swift.openstack.org/misc.html#module-swift.common.middleware.acl (http://swift.openstack.org/misc.html#...)


root@saio-2:~/swift-saio.sh# curl -i -H "REGULAR USER TOKEN" -X GET URL/container1 HTTP/1.1 403 Forbidden Content-Length: 157 Content-Type: text/html; charset=UTF-8 Date: Sun, 26 Jun 2011 14:43:03 GMT

<html> <head> <title>403 Forbidden</title> </head> <body>

403 Forbidden

Access was denied to this resource.

</body>

root@saio-2:~/swift-saio.sh# curl -i -H "ADMIN USER TOKEN" -H "X-Container-Read: .r:*,stakusers,.rlistings" -X POST URL/container1
HTTP/1.1 204 No Content Content-Length: 0 Content-Type: text/html; charset=UTF-8 Date: Sun, 26 Jun 2011 14:43:28 GMT

root@saio-2:~/swift-saio.sh# curl -i -H "ADMIN USER TOKEN" -X HEAD URL/container1 HTTP/1.1 204 No Content X-Container-Object-Count: 30 X-Container-Read: .r:*,stakusers,.rlistings X-Container-Bytes-Used: 12573393 Content-Length: 0 Date: Sun, 26 Jun 2011 14:43:46 GMT

root@saio-2:~/swift-saio.sh# curl -i -H "REGULAR USER TOKEN" -X GET URL/container1 HTTP/1.1 200 OK X-Container-Object-Count: 30 X-Container-Read: .r:*,stakusers,.rlistings X-Container-Bytes-Used: 12573393 Content-Length: 1257 Content-Type: text/plain; charset=utf8 Date: Sun, 26 Jun 2011 14:43:56 GMT

/etc/swift/account-server/1-account-server.conf /etc/swift/account-server/2-account-server.conf /etc/swift/account-server/3-account-server.conf /etc/swift/account-server/4-account-server.conf /etc/swift/account.builder /etc/swift/account.ring.gz /etc/swift/backups/1309098889.object.builder /etc/swift/backups/1309098898.object.builder /etc/swift/backups/1309098898.object.ring.gz /etc/swift/backups/1309098909.container.builder /etc/swift/backups/1309098917.container.builder /etc/swift/backups/1309098917.container.ring.gz /etc/swift/backups/1309098928.account.builder /etc/swift/backups/1309098937.account.builder /etc/swift/backups/1309098937.account.ring.gz /etc/swift/container-server/1-container-server.conf /etc/swift/container-server/2-container-server.conf /etc/swift/container-server/3-container-server.conf /etc/swift/container-server/4-container-server.conf /etc/swift/container.builder /etc/swift/container.ring.gz /etc/swift/drive-audit.conf /etc/swift/object-server/1-object-server.conf /etc/swift/object-server/2-object-server.conf /etc/swift/object-server/3-object-server.conf /etc/swift/object-server/4-object-server.conf /etc/swift/object.builder /etc/swift/object.ring.gz /etc/swift/proxy-server/proxy-server.conf /etc/swift/swift.conf root@saio-2:~/swift-saio.sh#

edit flag offensive delete link more
0

answered 2011-06-27 06:42:59 -0500

Does option '.rlistings' permit listings for all unauthenticated requests or only for authorised users who has read permissions on a container?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2011-06-24 12:18:14 -0500

Seen: 134 times

Last updated: Jun 27 '11