Granting read access to the Authenticated Users group for a file

Question

How do I grant read access to the Authenticated Users group for a file? I\'m using s3cmd and want to do it while uploading but I\'m just focusing directly on changing the acl. W

Answer 1

If you're willing to use Python, the boto library provides all the functionality to get and set an ACL; from the boto S3 documentation:

b.set_acl('public-read')

Where b is a bucket. Of course in your case you should change 'public-read' to 'authenticated-read'. You can do something similar for keys (files).

Answer 2

This is from http://s3tools.org/s3cmd:

Upload a file into the bucket ~$ s3cmd put addressbook.xml s3://logix.cz-test/addrbook.xml File 'addressbook.xml' stored as s3://logix.cz-test/addrbook.xml (123456 bytes) Note about ACL (Access control lists) — a file uploaded to Amazon S3 bucket can either be private, that is readable only by you, possessor of the access and secret keys, or public, readable by anyone. Each file uploaded as public is not only accessible using s3cmd but also has a HTTP address, URL, that can be used just like any other URL and accessed for instance by web browsers.

~$ s3cmd put --acl-public --guess-mime-type storage.jpg s3://logix.cz-test/storage.jpg File 'storage.jpg' stored as s3://logix.cz-test/storage.jpg (33045 bytes) Public URL of the object is: http://logix.cz-test.s3.amazonaws.com/storage.jpg

Now anyone can display the storage.jpg file in their browser. Cool, eh?

try changing public to authenticated and that should work.

see http://docs.amazonwebservices.com/AmazonS3/latest/dev/ACLOverview.html#CannedACL it explains on amazon side how to use their ACLs, supposedly if you use public in s3cmd - this would translate to public-read in amazon, so authenticated should translate to authenticated-read.

Answer 3

If you want to do it at bucket level you can do -

aws s3api put-bucket-acl --bucket bucketname --grant-full-control uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers

Docs - http://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-acl.html

Answer 4

The following command works for me with s3cmd version 1.6.0: s3cmd setacl s3://<bucket>/<file-name> --acl-grant='read:http://acs.amazonaws.com/groups/global/AuthenticatedUsers' for an individual file.

s3cmd setacl s3://<bucket>/<dir-name> --acl-grant='read:http://acs.amazonaws.com/groups/global/AuthenticatedUsers' --recursive for all files in a directory.

Answer 5

This doesn't seem to be possible with s3cmd. Instead I had to switch to the aws cli tools.

Here are the directions to install them: http://docs.aws.amazon.com/cli/latest/userguide/installing.html

It's possible to set the acl to read by authenticated users during upload with the command:

aws s3 cp <file-to-upload> s3://<bucket>/ --acl authenticated-read

Plus a whole load of other combinations you can check out here: http://docs.aws.amazon.com/cli/latest/reference/s3/index.html#cli-aws-s3

Answer 6

Here is an example command that will set the ACL on an S3 object to authenticated-read.

aws s3api put-object-acl --acl authenticated-read --bucket mybucket --key myfile.txt

.