
How to prohibit S3 users from deleting Object

2025-01-19 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31 Report

This article explains how to prohibit S3 users from deleting objects.

Requirement: the delete permission of some S3 accounts needs to be disabled, but by default the DELETE operation is controlled by the bucket WRITE permission and cannot be split out on its own.

The possible solutions are as follows:

1. Filter the DELETE operations in the HTTP requests at the frontend (requires writing some code).

2. Modify the metadata of the S3 built-in user. This is the method used in this article.

1. Confirm the user metadata

    root@demo# radosgw-admin metadata get user:s3user
    {
        "key": "user:s3user",
        "ver": {
            "tag": "_HUtHU_6yBqHTSzDLb9y8tjX",
            "ver": 2
        },
        "mtime": 1493110079,
        "data": {
            "user_id": "s3user",
            "display_name": "s3user",
            "email": "",
            "suspended": 0,
            "max_buckets": 1000,
            "auid": 0,
            "subusers": [],
            "keys": [
                {
                    "user": "s3user",
                    "access_key": "xxx",
                    "secret_key": "xxx"
                }
            ],
            "swift_keys": [],
            "caps": [],
            "op_mask": "read, write, delete",  # delete permission is present
            "default_placement": "",
            "placement_tags": [],
            "bucket_quota": {
                "enabled": false,
                "max_size_kb": -1,
                "max_objects": -1
            },
            "user_quota": {
                "enabled": false,
                "max_size_kb": -1,
                "max_objects": -1
            },
            "temp_url_keys": []
        }
    }

2. Modify the user metadata

Export the user metadata:

    root@demo# radosgw-admin metadata get user:s3user > s3user.json

Edit the generated s3user.json file and remove "delete" from the "op_mask" field:

    "op_mask": "read, write",

Import the user metadata:

    root@demo6# radosgw-admin metadata put user:s3user < s3user.json

Confirm that the configuration has taken effect:

    root@demo# radosgw-admin metadata get user:s3user
    {
        "key": "user:s3user",
        "ver": {
            "tag": "_HUtHU_6yBqHTSzDLb9y8tjX",
            "ver": 2
        },
        "mtime": 1493110079,
        "data": {
            "user_id": "s3user",
            "display_name": "s3user",
            "email": "",
            "suspended": 0,
            "max_buckets": 1000,
            "auid": 0,
            "subusers": [],
            "keys": [
                {
                    "user": "s3user",
                    "access_key": "xxx",
                    "secret_key": "xxx"
                }
            ],
            "swift_keys": [],
            "caps": [],
            "op_mask": "read, write",  # delete permission has been removed
            "default_placement": "",
            "placement_tags": [],
            "bucket_quota": {
                "enabled": false,
                "max_size_kb": -1,
                "max_objects": -1
            },
            "user_quota": {
                "enabled": false,
                "max_size_kb": -1,
                "max_objects": -1
            },
            "temp_url_keys": []
        }
    }

3. Verify

    from boto.s3.connection import S3Connection
    import boto

    endpoint = 's3.ceph.work'
    bucket_name = 'test1'
    access_key = 'xx'
    secret_key = 'xx'
    local_file = '/tmp/ct.shutdown'
    key_name = 'new_file'

    # Connect to the RGW S3 endpoint as the restricted user
    conn = boto.connect_s3(
        aws_access_key_id=access_key,
        aws_secret_access_key=secret_key,
        host=endpoint,
        is_secure=False,
        calling_format=boto.s3.connection.SubdomainCallingFormat(),
        validate_certs=True,
    )

    # Creating the bucket and uploading an object still work (read, write)
    bucket = conn.create_bucket(bucket_name)
    key_ = bucket.new_key(key_name)
    key_.set_contents_from_filename(local_file)

    # method 1: multi-object delete
    bucket.delete_keys([key_name])
    # method 2: delete through the key object
    key_.delete()
    # method 3: delete through the bucket by key name
    bucket.delete_key(key_name)

All three methods above fail with a 403 error.

    Traceback (most recent call last):
      ...
    boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden
    AccessDenied
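The hand edit in step 2 can be scripted between "metadata get" and "metadata put". The following is an added example, not code from the original article: it removes one operation from "op_mask" in an exported s3user.json and lists every field that changed, so the file can be checked before it is imported. The sample export is constructed and trimmed, and the function names and the empty-mask guard are assumptions of this example.

```python
import json

# Constructed, trimmed sample in the shape of `radosgw-admin metadata get user:s3user`.
SAMPLE_EXPORT = """{"key": "user:s3user", "ver": {"tag": "constructed-tag", "ver": 2},
 "mtime": 1493110079, "data": {"user_id": "s3user", "suspended": 0, "caps": [],
 "op_mask": "read, write,delete", "temp_url_keys": []}}"""


def parse_mask(mask):
    """Split an op_mask string such as 'read, write,delete' into operation names."""
    return [op.strip() for op in mask.split(",") if op.strip()]


def drop_op(export_text, op="delete"):
    """Return (new_json_text, changed) with `op` removed from data.op_mask only."""
    doc = json.loads(export_text)
    ops = parse_mask(doc["data"]["op_mask"])
    kept = [o for o in ops if o != op]
    if not kept:
        # Guard chosen for this example: never write a mask with no operations left.
        raise ValueError("refusing to write an empty op_mask")
    doc["data"]["op_mask"] = ", ".join(kept)
    return json.dumps(doc, indent=4), kept != ops


def changed_fields(before_text, after_text):
    """List dotted paths whose values differ between two exports."""
    def walk(a, b, path):
        if isinstance(a, dict) and isinstance(b, dict):
            found = []
            for k in sorted(set(a) | set(b)):
                found += walk(a.get(k), b.get(k), f"{path}.{k}" if path else k)
            return found
        return [] if a == b else [path]
    return walk(json.loads(before_text), json.loads(after_text), "")


if __name__ == "__main__":
    edited, changed = drop_op(SAMPLE_EXPORT)
    print("changed:", changed)
    print("fields touched:", changed_fields(SAMPLE_EXPORT, edited))
    print("new op_mask:", json.loads(edited)["data"]["op_mask"])
```

Run against the real s3user.json, the import should go ahead only when "data.op_mask" is the single field reported as changed.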
