|
Discussion Forums
|
Thread: ACL: is it possible to give PUT but not DELETE permissions
 |
This question is not answered.
Helpful answers available: 2.
Correct answers available: 1.
|
|
|
|
Replies:
5
-
Pages:
1
-
Last Post:
May 15, 2009 8:50 AM
by: Alyssa@AWS
|
|
|
Posts:
7
Registered:
9/7/08
|
|
|
|
ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:20 AM PDT
|
|
|
Hello all,
I have the following question: is it possible to give to an account the permission to *add* files to my bucket but not to *delete* existing files?
From what I understand to add files I need to give write permission on the bucket. But this also allows the account to delete any file, even files it doesn't own and it doesn't have write permission on.
This sounds like a reasonable requirement when you share buckets. You want someone to add files but without deleting your stuff.
Thanks in advance,
Kostas
|
|
Posts:
1,691
Registered:
10/10/07
|
|
|
|
Re: ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:29 AM PDT
in response to: zoogr
|
|
|
If it were possible to have PUT without DELETE, it wouldn't really make sense. If you PUT a file to an existing key, then the original object gets overwritten. This is essentially the same as deleting the original.
|
|
Posts:
98
Registered:
3/15/07
|
|
|
|
Re: ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:37 AM PDT
in response to: zoogr
|
|
|
We're currently planning on adding this functionality at the end of this year in conjunction with support for versioning (which solves the overwrite issue Colin raises).
|
|
Posts:
7
Registered:
9/7/08
|
|
|
|
Re: ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:38 AM PDT
in response to: Colin Rhodes
|
|
|
A reasonable implementation would be
- allow to add a file if there is no existing file with this filename, or if there exists but I have delete permission on it (so I can delete it anyway)
- do not allow to delete or overwrite a file without delete permission on it
|
|
Posts:
7
Registered:
9/7/08
|
|
|
|
Re: ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:44 AM PDT
in response to: Alyssa@AWS
|
|
|
@Alyssa: I'm glad to hear that. Support for versioning sounds very interesting.
Btw, another great possibility would be to have an account that can add files but cannot delete anything, not even its own added files. This is useful for backup (which S3 is often used for). When I backup my server, I only need to add files. But if a hacker breaks into the machine, so he retrieves the secret key of this account, he shouldn't be able to delete the backup. See
http://it.slashdot.org/article.pl?sid=09/05/15/0138204&art_pos=2
Kostas
|
|
Posts:
98
Registered:
3/15/07
|
|
|
|
Re: ACL: is it possible to give PUT but not DELETE permissions
Posted:
May 15, 2009 8:50 AM PDT
in response to: zoogr
|
|
|
Unfortunately, with the distributed nature of S3, that implementation doesn't work. A PUT request may come in to one data center and at the same time a PUT request for the same object name comes in to another data center. One data center won't know that the other is processing a request to PUT that same object at the same time. Both PUTs will return success. Only later, when we propagate the index information across all of our data centers as a part of achieving eventual consistency, will we realize that there is a conflict that has to be resolved. We resolve that conflict by last writer wins, effectively deleting one of the versions of the object.
|
|
|
|
