linux:ceph:public_bucket_knowledge
Table of Contents
[CEPH] Public bucket basic knowledge
Documentation | |
---|---|
Name: | [CEPH] Public bucket basic knowledge |
Description: | Basic information about publishing a bucket to the internet |
Modification date : | 03/02/2020 |
Owner: | dodger |
Notify changes to: | Owner |
Tags: | ceph, object storage |
Scalate to: | Thefuckingbofh |
Pre-Requirements
- Know what are the HTTP verbs
- Know the name of our ceph
What you should know
Our ceph/s3 object storage can be publicly accessed but is very restricted, the more restricted the higher security.
So what is open?
- HTTP verb GET
- Any bucket that has been requested to be open to the internet (you still must give explicit access to the objects)
What is NOT open:
- All the rest HTTP verbs (PUT/HEAD/DELETE/POST…)
- All the rest of buckets that are not explicitly requested to be opened.
- All the objects in a published bucket not explicitly published as public/timed/hashed.
What you'll be able to do from internet
Just 1 thing:
curl http://larry.ciberterminal.net/monguitest/status.txt
That is:
- you should know the name of the file that you want to access.
- the file must be public or have any ACL setup that allow access to it without authentication (public, timed public, hash key based acces…)
What we desire that you do with the objects
Access explained Graphically
From Internet
From ciberterminal
Remember
- Only GET is available you won't be able to:
bucket.list
as it uses HTTP/HEAD.bucket.delete
as it uses HTTP/DELETE.- Any other operation
- You'll still have to manage the object ACL so anyone can access it, by default all the objects inside the bucket are private.
linux/ceph/public_bucket_knowledge.txt · Last modified: 2022/02/11 11:36 by 127.0.0.1