[
https://issues.apache.org/jira/browse/HDDS-6193?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Krishna Kumar Asawa reassigned HDDS-6193:
-----------------------------------------
Assignee: Tejaskriya Madhan
> S3G allows to get directory listing if it's forbidden by ranger policy
> ----------------------------------------------------------------------
>
> Key: HDDS-6193
> URL: https://issues.apache.org/jira/browse/HDDS-6193
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Maksim Myskov
> Assignee: Tejaskriya Madhan
> Priority: Major
>
> I have Ozone configured with Kerberos and Ranger enabled. There are the
> following keys:
> * myvolume/mybucket/key1
> * myvolume/mybuckey/key1/subkey1
> * myvolume/mybucket/key1/subkey2
> I linked "mybucket" to "s3v" volume to get make it available via S3 Gateway.
> I have a ranger deny policy for myvolume/mybucket/key1.
> Finally, if I try to get list of subkeys via S3 API and ozone shell:
> Ozone shell: (deny policy applied)
> {quote}ozone fs -ls o3fs://mybucket.myvolume.ozone/key1/
> ls: User myuser doesn't have READ permission to access key myvolume mybucket
> key1
> {quote}
> S3 CLI: (deny policy ignored)
> {quote}aws s3 ls --endpoint http://myozonecluster:9878 s3://mybucket/key1/
> PRE subkey1/
> PRE subkey2/
> 2022-01-17 22:57:10 0
> {quote}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
