Description of problem: rgw: bucket/object owner override when setting acls How reproducible: always Steps to Reproduce: 1. Give write_acl permissions to a user that doesn't own the object/bucket 2. User set attribute on the object/bucket Actual results: User becomes the owner of the object/bucket Expected results: User should not become owner of the object/bucket Additional info: Fixed upstream
The upstream bug says "backport: hammer". Was this fixed in the 0.94.1 release, or after?
"git describe a8ced2c6ce8959500e13fed7cc3d6d01d23f1fef" shows that this landed on the hammer branch prior to the v0.94 release. So I think we're good for RHCS 1.3.0.
We're fine for 1.3.0, but does product want this also out in a patch to 1.2.z?
If I understand the bug, sounds like a pretty big security hole so a patch to 1.2.z sounds prudent.
waiting for qa_ack on this one
ok, clearing needinfo
*** Bug 1197243 has been marked as a duplicate of this bug. ***
Works os 1.2.3.2 iso's for trusty and precise.
On Centos 6.7 this failed due to a python suite failing. This may not be a 1214051 bug but this script did pass smoothly on ubuntu and rhel. I am continuing to look into this.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1703.html
for the record, this test passed on centos 6.7