How to disable google cloud storage bucket list from acl control?

只愿长相守 submitted on 2020-01-11 03:16:06

Question


We're using Google Cloud Storage as our CDN.

However, any visitor can list all files by typing: http://ourcdn.storage.googleapis.com/

How to disable it while all the files under the bucket are still publicly readable by default?

We previously set the acl using

gsutil defacl ch -g AllUsers:READ 

Answer 1:


Your defacl looks good. The problem is most likely that for some reason AllUsers must also have READ, WRITE, or FULL_CONTROL on the bucket itself. You can clear those with a command like this:

gsutil acl ch -d AllUsers gs://bucketname



Answer 2:


In the GCP dashboard:

  1. Go into your bucket.
  2. Click the "Permissions" tab.
  3. In the member list, find "allUsers" and change the role from Storage Object Viewer to Storage Legacy Object Reader.

Then listing should be disabled.

Update:

As @Devy commented, just check the note below:

Note: roles/storage.objectViewer includes permission to list the objects in the bucket. If you don't want to grant listing publicly, use roles/storage.legacyObjectReader.




Answer 3:


Upload an empty index.html file in the root of your bucket. Open the bucket settings and click Edit website configuration - set index.html as the Main Page.

It will prevent the listing of the directory.




Answer 4:


Your command set the default object ACL on the bucket to READ, which means that objects will be accessible by anyone. To prevent users from listing the objects, you need to make sure users don't have an ACL on the bucket itself.

gsutil acl ch -d AllUsers gs://yourbucket

should accomplish this. You may need to run a similar command for AllAuthenticatedUsers; just take a look at the bucket ACL with

gsutil acl get gs://yourbucket

and it should be clear.
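
Added example (not part of the original answers): a small offline audit that combines the checks from answers 2 and 4, flagging any public member that can list objects through either the bucket IAM policy or the bucket ACL. The sample JSON is constructed, shaped like the output of `gsutil iam get` and `gsutil acl get`; the role set is an assumption limited to the predefined and legacy storage roles, and the function name is hypothetical.

```python
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# IAM roles that include storage.objects.list. Assumption: predefined and
# legacy storage roles only; custom roles and IAM conditions are not resolved.
LISTING_ROLES = {
    "roles/storage.objectViewer",
    "roles/storage.objectAdmin",
    "roles/storage.admin",
    "roles/storage.legacyBucketReader",
    "roles/storage.legacyBucketWriter",
    "roles/storage.legacyBucketOwner",
}

# Every bucket-level ACL role allows listing; object ACLs are a separate matter.
BUCKET_ACL_ROLES = {"READER", "WRITER", "OWNER"}


def public_listing_grants(iam_policy_json="{}", bucket_acl_json="[]"):
    """Return sorted (source, member, role) tuples that let the public list objects."""
    findings = set()
    for binding in json.loads(iam_policy_json).get("bindings", []):
        if binding.get("role") in LISTING_ROLES:
            for member in PUBLIC & set(binding.get("members", [])):
                findings.add(("iam", member, binding["role"]))
    for entry in json.loads(bucket_acl_json):
        if entry.get("entity") in PUBLIC and entry.get("role") in BUCKET_ACL_ROLES:
            findings.add(("acl", entry["entity"], entry["role"]))
    return sorted(findings)


# Constructed sample shaped like `gsutil iam get gs://yourbucket` output.
SAMPLE_IAM = json.dumps({"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.legacyObjectReader", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:admin@example.com"]},
]})

# Constructed sample shaped like `gsutil acl get gs://yourbucket` output.
SAMPLE_ACL = json.dumps([
    {"entity": "project-owners-000000000000", "role": "OWNER"},
    {"entity": "allAuthenticatedUsers", "role": "READER"},
])

if __name__ == "__main__":
    for source, member, role in public_listing_grants(SAMPLE_IAM, SAMPLE_ACL):
        print(f"{source}: {member} holds {role} (can list objects)")
```

An empty result means no public listing grant was found in the supplied policy and ACL; the public `roles/storage.legacyObjectReader` binding is deliberately not flagged because it allows reading objects without listing them.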



Source: https://stackoverflow.com/questions/19124162/how-to-disable-google-cloud-storage-bucket-list-from-acl-control
