这篇文章主要讲解了“system特权怎么使用”,文中的讲解内容简单清晰,易于学习与理解,下面请大家跟着小编的思路慢慢深入,一起来研究和学习“system特权怎么使用”吧!
开启system特权
root@demohost:/home/user# radosgw-admin user modify --system=1 --uid=s3user { "user_id": "s3user", "display_name": "s3user", "email": "", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [], "keys": [ { "user": "s3user", "access_key": "", "secret_key": "" } ], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "system": "true", #开启了system特权 "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }
关闭system特权
root@demohost:/home/user# radosgw-admin user modify --system=0 --uid=s3user { "user_id": "s3user", "display_name": "s3user", "email": "", "suspended": 0, "max_buckets": 1000, "auid": 0, "subusers": [], "keys": [ { "user": "s3user", "access_key": "", "secret_key": "" } ], "swift_keys": [], "caps": [], "op_mask": "read, write, delete", "default_placement": "", "placement_tags": [], "bucket_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "user_quota": { "enabled": false, "max_size_kb": -1, "max_objects": -1 }, "temp_url_keys": [] }
开system特权以后,create_bucket请求的body会返回对应bucket的各种隐藏属性
python的测试代码如下
# -*- coding: utf-8 -*- from boto.s3.connection import S3Connection import boto import os bucket_name = 'user-bucket1' access_key = '' secret_key = '' endpoint = 's3.ceph.work' conn = boto.connect_s3( aws_access_key_id=access_key, aws_secret_access_key=secret_key, host=endpoint, is_secure=False, calling_format=boto.s3.connection.OrdinaryCallingFormat(), validate_certs=True, ) bucket = conn.create_bucket(bucket_name)
开启之前,response的body内容为空
开启以后,bucket隐藏的的metadata全部都暴露出来了
最后说一句,这个system权限很大,不要随便开,容易造成权限扩大和隐藏信息泄露。
感谢各位的阅读,以上就是“system特权怎么使用”的内容了,经过本文的学习后,相信大家对system特权怎么使用这一问题有了更深刻的体会,具体使用情况还需要大家实践验证。这里是亿速云,小编将为大家推送更多相关知识点的文章,欢迎关注!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。