Granting read access to the Authenticated Users group for a file

老子叫甜甜 提交于 2019-12-03 12:19:15

This doesn't seem to be possible with s3cmd. Instead I had to switch to the aws cli tools.

Here are the directions to install them: http://docs.aws.amazon.com/cli/latest/userguide/installing.html

It's possible to set the acl to read by authenticated users during upload with the command:

aws s3 cp <file-to-upload> s3://<bucket>/ --acl authenticated-read

Plus a whole load of other combinations you can check out here: http://docs.aws.amazon.com/cli/latest/reference/s3/index.html#cli-aws-s3

This is from http://s3tools.org/s3cmd:

Upload a file into the bucket ~$ s3cmd put addressbook.xml s3://logix.cz-test/addrbook.xml File 'addressbook.xml' stored as s3://logix.cz-test/addrbook.xml (123456 bytes) Note about ACL (Access control lists) — a file uploaded to Amazon S3 bucket can either be private, that is readable only by you, possessor of the access and secret keys, or public, readable by anyone. Each file uploaded as public is not only accessible using s3cmd but also has a HTTP address, URL, that can be used just like any other URL and accessed for instance by web browsers.

~$ s3cmd put --acl-public --guess-mime-type storage.jpg s3://logix.cz-test/storage.jpg File 'storage.jpg' stored as s3://logix.cz-test/storage.jpg (33045 bytes) Public URL of the object is: http://logix.cz-test.s3.amazonaws.com/storage.jpg

Now anyone can display the storage.jpg file in their browser. Cool, eh?

try changing public to authenticated and that should work.

see http://docs.amazonwebservices.com/AmazonS3/latest/dev/ACLOverview.html#CannedACL it explains on amazon side how to use their ACLs, supposedly if you use public in s3cmd - this would translate to public-read in amazon, so authenticated should translate to authenticated-read.

If you're willing to use Python, the boto library provides all the functionality to get and set an ACL; from the boto S3 documentation:

b.set_acl('public-read')

Where b is a bucket. Of course in your case you should change 'public-read' to 'authenticated-read'. You can do something similar for keys (files).

The following command works for me with s3cmd version 1.6.0: s3cmd setacl s3://<bucket>/<file-name> --acl-grant='read:http://acs.amazonaws.com/groups/global/AuthenticatedUsers' for an individual file.

s3cmd setacl s3://<bucket>/<dir-name> --acl-grant='read:http://acs.amazonaws.com/groups/global/AuthenticatedUsers' --recursive for all files in a directory.

If you want to do it at bucket level you can do -

aws s3api put-bucket-acl --bucket bucketname --grant-full-control uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers

Docs - http://docs.aws.amazon.com/cli/latest/reference/s3api/put-bucket-acl.html

Here is an example command that will set the ACL on an S3 object to authenticated-read.

aws s3api put-object-acl --acl authenticated-read --bucket mybucket --key myfile.txt

.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!