千家信息网

What Are Caps on an RGW User?

Published: 2025-01-31. Author: 千家信息网 editors. Last updated by 千家信息网: 2025-01-31.

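This article explains what caps on an RGW user are, analysed from a practitioner's point of view.

The following command grants a user all caps. A user who holds a cap is not limited to their own buckets and objects: they can also operate on other users' buckets and objects, and on other users themselves. Holding a cap therefore amounts to holding a form of administrator privilege.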

radosgw-admin caps add --uid=admin --caps="users=*;buckets=*;metadata=*;usage=*;zone=*"

* means both read and write.

Different caps can be granted to different users as shown below, but granting any caps to ordinary users is not recommended.

User testcaps1:
radosgw-admin caps add --uid=testcaps1 --caps="users=*"

User testcaps2:
radosgw-admin caps add --uid=testcaps2 --caps="buckets=*"

User testcaps3:
radosgw-admin caps add --uid=testcaps3 --caps="metadata=*"

User testcaps4:
radosgw-admin caps add --uid=testcaps4 --caps="usage=*"

User testcaps5:
radosgw-admin caps add --uid=testcaps5 --caps="zone=*"

Compare the results below with the description at http://docs.ceph.com/docs/jewel/radosgw/adminops/

Cap: usage=read

A user with usage=read can call the usage endpoint of the Admin REST API to view usage.

So of the test users, only testcaps4 is allowed:

GET /admin/usage?format=json&start=2016-07-26%2013:00:00&show-entries=True&show-summary=True HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps4:Hk5gPweXZKBNraDK8/1XvHv8Umw=
Connection: keep-alive
Date: Tue, 26 Jul 2016 05:51:21 GMT

HTTP/1.1 200 OK
Content-Length: 27
Connection: Keep-Alive
Date: Tue, 26 Jul 2016 05:48:50 GMT
X-Amz-Request-Id: tx000000000000000000145-005796f9c2-a8f9f-default

{"entries":[],"summary":[]}

Other users have no permission to fetch the usage statistics:

GET /admin/usage?format=json&start=2016-07-26%2013:00:00&show-entries=True&show-summary=True HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps5:fJZkl8WezcmVz9/aekKsjbq0DrE=
Connection: keep-alive
Date: Tue, 26 Jul 2016 05:51:15 GMT

HTTP/1.1 403 Forbidden
Content-Length: 119
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Type: application/json
Date: Tue, 26 Jul 2016 05:48:44 GMT
X-Amz-Request-Id: tx000000000000000000144-005796f9bc-a8f9f-default

{"Code":"AccessDenied","RequestId":"tx000000000000000000144-005796f9bc-a8f9f-default","HostId":"a8f9f-default-default"}

Cap: usage=write

A user with this cap can delete the usage statistics.

DELETE /{admin}/usage?format=json HTTP/1.1

Cap: users=read

A user with this cap can retrieve user information (display_name, user_id, suspended, max_buckets, subusers, keys, swift_keys, caps) and quota information.

GET /{admin}/user?format=json HTTP/1.1

Cap: users=write

A user with this cap can create, modify or delete other users or subusers, add or remove a user's caps, create, delete or modify keys, and modify quotas.

PUT /{admin}/user?format=json HTTP/1.1
Host: {fqdn}

PUT /{admin}/user?caps&format=json HTTP/1.1
Host: {fqdn}

Cap: buckets=read

A user with this cap can retrieve bucket information and the ACL of an object or bucket.

GET /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

GET /{admin}/bucket?policy&format=json HTTP/1.1
Host: {fqdn}

Cap: buckets=write

A user with this cap can check a bucket index, delete a bucket, unlink a bucket, link a bucket, and delete objects (regardless of whether the bucket or object belongs to that user).

GET /{admin}/bucket?index&format=json HTTP/1.1
Host: {fqdn}

DELETE /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

POST /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

PUT /{admin}/bucket?format=json HTTP/1.1
Host: {fqdn}

DELETE /{admin}/bucket?object&format=json HTTP/1.1
Host: {fqdn}

Cap: metadata=read

A user with this cap can read user and bucket metadata.

radosgw-admin metadata get user:admin
{
    "key": "user:admin",
    "ver": {
        "tag": "_cz1Iiuv69GdQbVsCAoagBik",
        "ver": 15
    },
    "mtime": "2016-07-25 04:28:35.014334Z",
    "data": {
        "user_id": "admin",
        "display_name": "admin",
        "email": "admin@cmss.com",
        "suspended": 0,
        "max_buckets": 1000,
        "auid": 0,
        "subusers": [
            {
                "id": "admin:swift",
                "permissions": "full-control"
            }
        ],
        "keys": [
            {
                "user": "admin",
                "access_key": "F3ZKGR2Q6M8QJA5AVBAB",
                "secret_key": "sQzliizcmlSJg1BL6nOpL41hYRvg7dLXTxFtOZb2"
            },
            {
                "user": "admin",
                "access_key": "H3085SM4LQUT5IVNC39D",
                "secret_key": "2z3Bw09EDyhtO11rH7DyZBioyaHozZDM4mZCOi9r"
            },
            {
                "user": "admin:yuliyangtests3002",
                "access_key": "VCFIBX41YJQ9U4NB9F6A",
                "secret_key": "GoUcvNUe52KoZJux24V2mMFkkaN1Bh2TGdTOkxUD"
            },
            {
                "user": "admin",
                "access_key": "admin",
                "secret_key": "admin"
            },
            {
                "user": "admin:admin-subuser3",
                "access_key": "admin-subuser3",
                "secret_key": "admin-subuser3"
            },
            {
                "user": "admin:admin-subuser4",
                "access_key": "admin-subuser4",
                "secret_key": "admin-subuser4"
            }
        ],
        "swift_keys": [
            {
                "user": "admin:swift",
                "secret_key": "FlC7XZuiLjdTjSC1wZ9S2KnIlccrQkSGm0P0vHvl"
            },
            {
                "user": "admin:yuliyangswift1",
                "secret_key": "作s为俄"
            }
        ],
        "caps": [
            {
                "type": "buckets",
                "perm": "*"
            },
            {
                "type": "metadata",
                "perm": "*"
            },
            {
                "type": "usage",
                "perm": "*"
            },
            {
                "type": "users",
                "perm": "*"
            },
            {
                "type": "zone",
                "perm": "*"
            }
        ],
        "op_mask": "read, write, delete",
        "default_placement": "",
        "placement_tags": [],
        "bucket_quota": {
            "enabled": false,
            "max_size_kb": -1,
            "max_objects": -1
        },
        "user_quota": {
            "enabled": false,
            "max_size_kb": -1,
            "max_objects": -1
        },
        "temp_url_keys": [],
        "attrs": [
            {
                "key": "user.rgw.idtag",
                "val": ""
            },
            {
                "key": "user.rgw.manifest",
                "val": ""
            }
        ]
    }
}

radosgw-admin metadata get bucket:bababa
{
    "key": "bucket:bababa",
    "ver": {
        "tag": "_8KAo6w6VPo5fhGtzTvxwRaE",
        "ver": 1
    },
    "mtime": "2016-07-24 23:43:19.214419Z",
    "data": {
        "bucket": {
            "name": "bababa",
            "pool": "default.rgw.buckets.data",
            "data_extra_pool": "default.rgw.buckets.non-ec",
            "index_pool": "default.rgw.buckets.index",
            "marker": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2",
            "bucket_id": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"
        },
        "owner": "date2",
        "creation_time": "0.000000",
        "linked": "true",
        "has_bucket_info": "false"
    }
}

User metadata

GET /admin/metadata/user?format=json&key=admin HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:qSnsnWOB9hljBBZz+wumQKm/qfM=
Connection: keep-alive
Date: Wed, 27 Jul 2016 02:17:35 GMT

HTTP/1.1 200 OK
Content-Length: 1497
Connection: Keep-Alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:15:02 GMT
X-Amz-Request-Id: tx00000000000000000033e-0057981926-a8f9f-default

{"key":"user:admin","ver":{"tag":"_cz1Iiuv69GdQbVsCAoagBik","ver":15},"mtime":"2016-07-25 04:28:35.014334Z","data":{"user_id":"admin","display_name":"admin","email":"admin@cmss.com","suspended":0,"max_buckets":1000,"auid":0,"subusers":[{"id":"admin:swift","permissions":"full-control"}],"keys":[{"user":"admin","access_key":"F3ZKGR2Q6M8QJA5AVBAB","secret_key":"sQzliizcmlSJg1BL6nOpL41hYRvg7dLXTxFtOZb2"},{"user":"admin","access_key":"H3085SM4LQUT5IVNC39D","secret_key":"2z3Bw09EDyhtO11rH7DyZBioyaHozZDM4mZCOi9r"},{"user":"admin:yuliyangtests3002","access_key":"VCFIBX41YJQ9U4NB9F6A","secret_key":"GoUcvNUe52KoZJux24V2mMFkkaN1Bh2TGdTOkxUD"},{"user":"admin","access_key":"admin","secret_key":"admin"},{"user":"admin:admin-subuser3","access_key":"admin-subuser3","secret_key":"admin-subuser3"},{"user":"admin:admin-subuser4","access_key":"admin-subuser4","secret_key":"admin-subuser4"}],"swift_keys":[{"user":"admin:swift","secret_key":"FlC7XZuiLjdTjSC1wZ9S2KnIlccrQkSGm0P0vHvl"},{"user":"admin:yuliyangswift1","secret_key":"作s为俄"}],"caps":[{"type":"buckets","perm":"*"},{"type":"metadata","perm":"*"},{"type":"usage","perm":"*"},{"type":"users","perm":"*"},{"type":"zone","perm":"*"}],"op_mask":"read, write, delete","default_placement":"","placement_tags":[],"bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"user_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"temp_url_keys":[],"attrs":[{"key":"user.rgw.idtag","val":""},{"key":"user.rgw.manifest","val":""}]}}

Bucket metadata

GET /admin/metadata/bucket?format=json&key=bababa HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:YrRXMsS6SRDJ2QeGSGyT+UBNkNU=
Connection: keep-alive
Date: Wed, 27 Jul 2016 02:38:33 GMT

HTTP/1.1 200 OK
Content-Length: 470
Connection: Keep-Alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:35:59 GMT
X-Amz-Request-Id: tx000000000000000000343-0057981e0f-a8f9f-default

{"key":"bucket:bababa","ver":{"tag":"_8KAo6w6VPo5fhGtzTvxwRaE","ver":1},"mtime":"2016-07-24 23:43:19.214419Z","data":{"bucket":{"name":"bababa","pool":"default.rgw.buckets.data","data_extra_pool":"default.rgw.buckets.non-ec","index_pool":"default.rgw.buckets.index","marker":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2","bucket_id":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"},"owner":"date2","creation_time":"0.000000","linked":"true","has_bucket_info":"false"}}

Cap: metadata=write

A user with this cap can set user and bucket metadata.

$ radosgw-admin metadata put bucket.instance:widodh:default.20111.1 < bucket.json

PUT /admin/metadata/bucket?key=bababa HTTP/1.1
Host: yuliyangdebugweb68.tunnel.qydev.com
User-Agent: python-requests/2.10.0
Content-Length: 454
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: AWS testcaps3:6EjaVjvYDQlOpFA4qK1wnazXy4A=
Connection: keep-alive
Content-Type: application/json
Date: Wed, 27 Jul 2016 02:45:39 GMT

{"key":"bucket:bababa","ver":{"tag":"_8KAo6w6VPo5fhGtzTvxwRaE","ver":1},"mtime":"2016-07-24 23:43:19.214419Z","data":{"bucket":{"name":"bababa","pool":"yuliyang","data_extra_pool":"default.rgw.buckets.non-ec","index_pool":"default.rgw.buckets.index","marker":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2","bucket_id":"b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"},"owner":"date2","creation_time":"0.000000","linked":"true","has_bucket_info":"false"}}

[root@ceph03 ~]# radosgw-admin metadata get bucket:bababa
{
    "key": "bucket:bababa",
    "ver": {
        "tag": "_8KAo6w6VPo5fhGtzTvxwRaE",
        "ver": 1
    },
    "mtime": "2016-07-24 23:43:19.214419Z",
    "data": {
        "bucket": {
            "name": "bababa",
            "pool": "yuliyang",
            "data_extra_pool": "default.rgw.buckets.non-ec",
            "index_pool": "default.rgw.buckets.index",
            "marker": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2",
            "bucket_id": "b74b128b-eac1-4f3a-a5ca-60536d190664.694099.2"
        },
        "owner": "date2",
        "creation_time": "0.000000",
        "linked": "true",
        "has_bucket_info": "false"
    }
}

Cap: zone=read

A user with this cap can retrieve zone information through the Admin REST API.

Get the zone:

[root@ceph03 ~]# radosgw-admin zone get --rgw-zone=default
{
    "id": "b74b128b-eac1-4f3a-a5ca-60536d190664",
    "name": "default",
    "domain_root": "default.rgw.data.root",
    "control_pool": "default.rgw.control",
    "gc_pool": "default.rgw.gc",
    "log_pool": "default.rgw.log",
    "intent_log_pool": "default.rgw.intent-log",
    "usage_log_pool": "default.rgw.usage",
    "user_keys_pool": "default.rgw.users.keys",
    "user_email_pool": "default.rgw.users.email",
    "user_swift_pool": "default.rgw.users.swift",
    "user_uid_pool": "default.rgw.users.uid",
    "system_key": {
        "access_key": "",
        "secret_key": ""
    },
    "placement_pools": [
        {
            "key": "default-placement",
            "val": {
                "index_pool": "default.rgw.buckets.index",
                "data_pool": "default.rgw.buckets.data",
                "data_extra_pool": "default.rgw.buckets.non-ec",
                "index_type": 0
            }
        }
    ],
    "metadata_heap": "default.rgw.meta",
    "realm_id": ""
}

Get the zonegroup:

[root@node1 ~]# radosgw-admin zonegroup-map get --rgw-zonegroup=de
{
    "zonegroups": [
        {
            "key": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
            "val": {
                "id": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
                "name": "de",
                "api_name": "de",
                "is_master": "true",
                "endpoints": [
                    "http:\/\/192.168.10.10:7480"
                ],
                "hostnames": [],
                "hostnames_s3website": [],
                "master_zone": "426f76bd-bb22-4098-b064-ae28b8357bb0",
                "zones": [
                    {
                        "id": "426f76bd-bb22-4098-b064-ae28b8357bb0",
                        "name": "nue",
                        "endpoints": [],
                        "log_meta": "true",
                        "log_data": "false",
                        "bucket_index_max_shards": 0,
                        "read_only": "false"
                    }
                ],
                "placement_targets": [
                    {
                        "name": "default-placement",
                        "tags": []
                    }
                ],
                "default_placement": "default-placement",
                "realm_id": "f1574551-03e7-4739-a136-9670c62b46c1"
            }
        }
    ],
    "master_zonegroup": "b47af7c7-e2d8-4b62-8966-b5b6de0bddc3",
    "bucket_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    },
    "user_quota": {
        "enabled": false,
        "max_size_kb": -1,
        "max_objects": -1
    }
}

Request URL for getting the zonegroup:

< GET /admin/config HTTP/1.1
< Host: 192.168.10.10:7480
< Connection: keep-alive
< Accept-Encoding: gzip, deflate
< Accept: */*
< User-Agent: python-requests/2.10.0
< date: Wed, 27 Jul 2016 07:30:10 GMT
< Authorization: AWS admin:i1P7+FvmhMBlQ/gaUDtwe4QZ424=
<
> HTTP/1.1 200 OK
> x-amz-request-id: tx000000000000000000005-00579862e5-d7d96-nue
> Content-Length: 803
> Date: Wed, 27 Jul 2016 07:29:41 GMT
> Connection: Keep-Alive
>
{"regions":[{"key":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","val":{"id":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","name":"de","api_name":"de","is_master":"true","endpoints":["http:\/\/192.168.10.10:7480"],"hostnames":[],"hostnames_s3website":[],"master_zone":"426f76bd-bb22-4098-b064-ae28b8357bb0","zones":[{"id":"426f76bd-bb22-4098-b064-ae28b8357bb0","name":"nue","endpoints":[],"log_meta":"true","log_data":"false","bucket_index_max_shards":0,"read_only":"false"}],"placement_targets":[{"name":"default-placement","tags":[]}],"default_placement":"default-placement","realm_id":"f1574551-03e7-4739-a136-9670c62b46c1"}}],"master_region":"b47af7c7-e2d8-4b62-8966-b5b6de0bddc3","bucket_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1},"user_quota":{"enabled":false,"max_size_kb":-1,"max_objects":-1}}

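Cap: zone=write

A user with this cap can modify zone-related information.

PUT /admin/config HTTP/1.1

The request body is JSON.

Note: zone and related information can be modified through the Admin REST API, which makes it possible to bind a bucket to a pool without using the command line for that binding.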
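The caps listed above can be audited offline from the JSON that radosgw-admin metadata get user:<uid> prints, which, as the dump earlier in the article shows, also carries every access and secret key of that user. The following Python is an added example, not code from the original article or from Ceph: it expands each cap into the rights the article attributes to it and reports every user outside an allowlist who holds any cap. The names CAP_EFFECT, audit_user, audit_all, the admin_uids allowlist and the sample users are assumptions made for illustration.

```python
import json

# Effect of each cap, summarised from the article above.
CAP_EFFECT = {
    ("usage", "read"): "read usage statistics",
    ("usage", "write"): "delete usage statistics",
    ("users", "read"): "read other users' info, keys and quotas",
    ("users", "write"): "create/modify/delete users, keys, caps and quotas",
    ("buckets", "read"): "read any bucket's info and bucket/object ACLs",
    ("buckets", "write"): "delete, link or unlink any bucket; delete any object",
    ("metadata", "read"): "read user and bucket metadata (includes secret keys)",
    ("metadata", "write"): "overwrite user and bucket metadata",
    ("zone", "read"): "read zone and zonegroup configuration",
    ("zone", "write"): "modify zone configuration",
}

def expand_perm(perm):
    """'*' stands for read and write; otherwise split a comma-separated list."""
    if perm.strip() == "*":
        return {"read", "write"}
    return {p.strip() for p in perm.split(",") if p.strip()}

def audit_user(metadata, admin_uids=frozenset()):
    """Findings (uid, cap, perm, effect) for one parsed user-metadata object.
    admin_uids is a hypothetical allowlist of users expected to hold caps."""
    data = metadata.get("data", metadata)  # accept the bare "data" object too
    uid = data["user_id"]
    if uid in admin_uids:
        return []
    return sorted(
        (uid, cap["type"], perm, CAP_EFFECT.get((cap["type"], perm), "unknown cap"))
        for cap in data.get("caps", [])
        for perm in expand_perm(cap["perm"]))

def audit_all(users, admin_uids=frozenset({"admin"})):
    return [f for u in users for f in audit_user(u, admin_uids)]

# Constructed sample input, shaped like the user metadata shown in the article.
SAMPLE = json.loads("""[
  {"key": "user:admin", "data": {"user_id": "admin",
    "caps": [{"type": "users", "perm": "*"}, {"type": "zone", "perm": "*"}]}},
  {"key": "user:testcaps3", "data": {"user_id": "testcaps3",
    "caps": [{"type": "metadata", "perm": "*"}]}},
  {"key": "user:plainuser", "data": {"user_id": "plainuser", "caps": []}}
]""")

if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print("%s holds %s=%s: %s" % finding)
```

Any line this prints is a non-allowlisted user holding a cap, which the article advises against for ordinary users.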

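That is what caps on an RGW user are. If you have had similar questions, the analysis above may help you work through them. To learn more on related topics, follow the industry news channel.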
