Knowledge base
Advanced OCS access configuration
Posted by Pomoc Oktawave on 21.05.2014 19:20

One of the basic window, where you can edit an access to OCS service, is located in Services | OCS | container indicator | Edit.

 

 

You could find there the following options:

  1. Enable listing – allows to display the entire container’s content (all the files located in the folder). When this option is not selected, the users can display only the files that they have access to, e.g. through the link.

  2. Enable public access – results that all the users are allowed to display the folder’s content with no previous authentication required.

  3. Enable static website – enables to define a specific URL address. It means that the access to the files in the container would be possible only to the person, who obtained this link (it is possible when Enable public access is not selected only).

To perform this, select in the container the option Enable public access and Enable listing. Till this moment all the users (both authenticated and unauthenticated) could list the objects in the container.

The next step is to add the header X-Container-Meta-Web-Index: index.html, using python-swiftclient, as it was described below: http://docs.openstack.org/api/openstack-object-storage/1.0/content/Examples_for_static_web-dle4025.html.

Then the queries with no X-Auth-Token in the header (e.g. generated by the browser) would turn index.html object’s content if it is in the container or the message Not found, if there is no such an object. File’s listing is possible, when the query contains a correct X-Auth-Token (there can be also the users beyond OCS with an active token).

There exists several other methods of changing the headers:

Defining of header X-Container-Meta-Web-Index: index.html simulates an action of the typical webserver serving index.html file for unauthorized demands generated by WWW browsers (no X-Auth-Token header with a correct token).

If a user with a proper authentication token would call to a such container (most likely using a dedicated swift client), he would have the possibility of listing the objects located in the container, because of its public-owned type.

During the first logging in OCS as an administrator it could be noticed that there exists a OCS-services-backups container. Please note that the access to this container is possible only when authenticated as the administrator (login: admin, password identical to this defined in Oktawave administration panel; naturally it could be changed in the section Services | Users | OCS).

No other user could have the access to this directory, because it is reserved for the user’s generated backups. The details are available here: https://kb.oktawave.com/Knowledgebase/Article/View/208/0/how-to-create-oci-backup-in-oktawave-control-panel

Authorities to the other directories (directories could be generated by selecting Generate directory in the section Services | OCS) may be edited from the administration panel (also the section Services | User management | OCS).

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.