|Article Number: 535575||Article Version: 4||Article Type: Break Fix|
ECS Appliance Software without Encryption
The customers intention is to anonymously access objects if the full path is known. But setting Swift Read ACL to ".r:*" allows unwanted dirlisting.
We would like to use a Swift ACL-Read Policy to allow anonymous access to objects as described here:
python-swiftclient is used as client in this case.
setting the Policy:
swift post --read-acl ".r:*" private-swift
checking the policy:
swift stat private-swift Account: ops-thomas Container: private-swift Objects: 0 Bytes: 0 Read ACL: .r:* Write ACL: Sync To: Sync Key:X-Emc-Retention-Period: 0X-Emc-Is-Tso-Read-Only: false Accept-Ranges: bytes X-Trans-Id: tx0a10c20b1685c1199fc75-39ae00000000 X-Timestamp: 1554368486418 X-Emc-Request-Id: 0a10c20b:1685c1199fc:7539a:eX-Emc-Is-Stale-Allowed: false Content-Type: text/html
If the full path of an object is now provided to anonymous (without using a token), all the files can be listed within the folder. This is not expected
A bug in the ECS Software has been discovered
If you see this issue, a customer specific patch is required on top of the latest ECS Release (right now it is 3.3HF1).
Please open a Service Request with Dell EMC Support and mention this KB for requesting a custom patch if needed.
A future version of ECS will contain a final fix.