rgw: prevent data sync from replicating to buckets not owned by the user
Issue https://tracker.ceph.com/issues/68884 revealed that because
user_acl is initialized by default in RGWUserPermHandler::Init with
the same identity, calling verify_bucket_permission_no_policy()
would mistakenly allow the request since the user ACL matches the
identity. Removing the default creation of user_acl would align the
behavior with other S3 operations to prevent unauthorized data replication.
projects / ceph.git / commit