Managing S3 users via CLI

The concept of an S3 user is one of the base concepts of object storage along with those of an object and a bucket (a container for storing objects). The Amazon S3 protocol uses a permission model based on access control lists (ACLs), where each bucket and each object are assigned an ACL that lists all users with access to the given resource and the type of this access (read, write, read ACL, or write ACL). The list of users includes the entity owner assigned to every object and bucket at creation. The entity owner has extra rights compared to other users. For example, the bucket owner is the only one who can delete that bucket.

User model and access policies implemented in Virtuozzo Hybrid Infrastructure comply with the Amazon S3 user model and access policies.

User management scenarios in Virtuozzo Hybrid Infrastructure are largely based on the Amazon Web Services user management and include the following operations: create, query, and delete users, as well as generate and revoke user access key pairs.

You can manage users with the ostor-s3-admin tool.

To do it via CLI, you will need to know the ID of the volume that they are in. You can obtain it with the ostor-ctl get-config command. For example:

# ostor-ctl get-config -n
VOL_ID             TYPE     STATE
0100000000000002   OBJ      READY
As ostor-s3-admin commands are assumed to be issued by object storage administrators, they do not include any authentication or authorization checks.