Description of problem: An anonymous S3 user may be able to (incorrectly) list the contents of a bucket which has an authenticated_users=read ACL. Version-Release number of selected component (if applicable): 1.3.x Additional info: This issue corresponds to upstream tracker issue http://tracker.ceph.com/issues/13207 Fixed on master in https://github.com/ceph/ceph/pull/6057 Fix pulled to ceph-1.3-rhel-patches commit eabd06622cff8fbc0d2fe612de2538d034e7fb24 (cherry picked from commit 99ba6610a8f437604cadf68cbe9969def893e870)