From: Yuri Weinstein Date: Fri, 19 Sep 2025 14:52:03 +0000 (-0700) Subject: Merge pull request #64152 from cbodley/wip-63323 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b1cdf2fc97267d379041b6c8d2fa9464b4bce0c9;p=ceph.git Merge pull request #64152 from cbodley/wip-63323 rgw: support S3 Object Ownership controls to disable object ACLs Reviewed-by: Adam Emerson --- b1cdf2fc97267d379041b6c8d2fa9464b4bce0c9 diff --cc PendingReleaseNotes index d03bbb75af17,b0eb86cacfd7..c2adac127290 --- a/PendingReleaseNotes +++ b/PendingReleaseNotes @@@ -63,8 -53,9 +63,9 @@@ - osd_op_num_shards_hdd = 1 (was 5) - osd_op_num_threads_per_shard_hdd = 5 (was 1) For more details see https://tracker.ceph.com/issues/66289. + * RGW: Added support for S3 Object Ownership to disable object ACLs. * MGR: The Ceph Manager's always-on modulues/plugins can now be force-disabled. - This can be necessary in cases where we wish to prevent the manager from being + This can be necessary when we wish to prevent the Manager from being flooded by module commands when Ceph services are down or degraded. 
* CephFS: It is now possible to pause the threads that asynchronously purge diff --cc src/rgw/rgw_bucket.cc index ea48dd9923f0,0fdd3503ba78..2abc3bc4be4b --- a/src/rgw/rgw_bucket.cc +++ b/src/rgw/rgw_bucket.cc @@@ -137,10 -137,16 +137,17 @@@ int rgw_chown_bucket_and_objects(rgw::s const DoutPrefixProvider *dpp, optional_yield y) { /* Chown on the bucket */ - int ret = bucket->chown(dpp, new_user->get_id(), y); + int ret = bucket->chown(dpp, new_user->get_id(), new_user->get_display_name(), + y); if (ret < 0) { - set_err_msg(err_msg, "Failed to change object ownership: " + cpp_strerror(-ret)); + set_err_msg(err_msg, "Failed to change bucket ownership: " + cpp_strerror(-ret)); + return ret; + } + + // skip object acls when BucketOwnerEnforced + if (auto ownership = rgw::s3::get_object_ownership(bucket->get_attrs()); + ownership == rgw::s3::ObjectOwnership::BucketOwnerEnforced) { + return 0; } /* Now chown on all the objects in the bucket */
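Review bot: The new early `return 0` for `BucketOwnerEnforced` leaves every object's stored ACL and owner naming the previous user, which is only safe while object ACLs stay disabled on this bucket. If the bucket's Object Ownership setting can later be switched to a mode that honours object ACLs, those stale grants would presumably become effective again and give the old owner access to the objects; the code that evaluates them is not visible in this hunk, so this should be confirmed. At minimum the comment should state the assumption, e.g. `// BucketOwnerEnforced: object ACLs are ignored, so they are left naming the old owner; re-run chown if ownership controls are relaxed`, and the skip could be logged through `dpp` so an admin can see that objects were not rewritten. `rgw_chown_bucket_and_objects` starts before this hunk and its object loop continues after it.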