[
https://issues.apache.org/jira/browse/HDDS-6942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ritesh H Shukla updated HDDS-6942:
----------------------------------
Description:
The permission model backing buckets follow unix semantics and users who are in
the same group can read others' buckets by default. This was tested against
Native Authorizer
This is not intuitive for S3 APIs and by default, the permission applied should
not allow read by users of the same group. Currently, any bucket created is
readable by all users in the same group.
was:
The permission model backing buckets follow unix semantics and users who are in
the same group can read others' buckets by default. This was tested against
Native Authorizer
This is not intuitive for S3 APIs and by default, the permission applied should
not allow read by users of the same group. Currently, any bucket created is
readable by all users in the same group.
ToDo:
# Test behavior when using Ranger
# Add smoke tests
Summary: Ozone vol/bucket/objects created via S3 should not allow group
access by default (was: Buckets created via S3 should not allow read access
for users in same group)
> Ozone vol/bucket/objects created via S3 should not allow group access by
> default
> --------------------------------------------------------------------------------
>
> Key: HDDS-6942
> URL: https://issues.apache.org/jira/browse/HDDS-6942
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Ritesh H Shukla
> Priority: Major
> Labels: pull-request-available
>
> The permission model backing buckets follow unix semantics and users who are
> in the same group can read others' buckets by default. This was tested
> against Native Authorizer
> This is not intuitive for S3 APIs and by default, the permission applied
> should not allow read by users of the same group. Currently, any bucket
> created is readable by all users in the same group.
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
