NC | NSFS | Multiple accounts and same bucket scenarios : technical discussion

[naveenpaul1]

Environment info

• NooBaa Version: VERSION
• Platform: Kubernetes 1.14.1 | minikube 1.1.1 | OpenShift 4.1 | other: specify

Actual behavior

1. In a scenario where a first user with UID 1001 and GID 1001, created an object with a key a/b/c, and second user with UID 2001 and GID 2001 created a second object and key isa/b/c, is this validcase?
2. How multiple account access in the same bucket path should work? Do we need to give permission to objects dirs that are not created by the same user?
3. How list-object scenario work for multiple account-linked buckets? List all the items for both of these users?
4. Consider a case where two accounts with different UID and GID points to the same bucket and bucket access is given through bucket policy. Account1 put an object to the bucket and created internal directories(upload, multipart-upload etc) using the account's UID and GID, Is there any chance the second account faces an access deny issue when trying to put an object to the same bucket
5. If there is an object inside the bucket directory with conflicting ownership (other than account owner). what should happen when try to list objects?

Expected behavior

Steps to reproduce

More information - Screenshots / Logs / Other output

[naveenpaul1]

All the bucket dir will be created with mod 770, and because that account shares GID can access dir and files.

1. This is an invalid case, An Account with the same GID can access the bucket path, In this case, both accounts have different UID and GID, and even bucket path access is restricted for the second user
2. In scale, For two or more accounts to share the same bucket all the accounts should have the same GID. When all the accounts share the same GID with bucket dir mod 770, all the accounts can list objects in that bucket.
3. Yes, When all the accounts share the same GID with bucket dir mod 770, all the accounts can list objects in that bucket.
4. Posix will throw an error when trying to create an internal folder even if we set a bucket policy that allows two accounts (with different UID and GID) to access the same bucket path.
   if the GID of two accounts is the same there won't be any error. Mod 770 will allow the same GID accounts to access the dir created but different accounts(with different UIDs)
5. NC | Multi Protocol Access | If there is an object inside the bucket directory with a conflicting ownership (other than account owner), list objects throws access denied #8735

cc: @romayalon @guymguym