Bug #66105: rgw: only consider subuser perm for its user resources - rgw - Ceph

Actions

Copy link

Bug #66105

open

rgw: only consider subuser perm for its user resources

Added by Seena Fallah 15 days ago. Updated 10 days ago.

Status:

Fix Under Review

Priority:

Normal

Assignee:

Target version:

% Done:

Source:

Tags:

subuser

Backport:

squid reef

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

57539

Crash signature (v1):

Crash signature (v2):

Description

Currently, subusers inherit ACL permissions from the parent account, and the permission check using `op_to_perm()`, performed before considering the resource (bucket/object) ACLs, may deny access even if the resource has authenticated or public read/write permissions. Since ACLs do not support subusers, a subuser's permissions should only be considered for resources owned by their user. For accessing other resources, subusers should only be granted access if public read/write permissions are available.