I would like to default either my whole space or a certain bucket to public, meaning any new files uploaded would get public without having to set headers, etc.
I currently use s3cmd or java s3 API to upload new files and I set the header x-amz-acl to a value of public-read. This works MOST of the time but sometimes for an unknown reason, some files still end up private.
I am trying to use s3cmd as detailed here: https://developers.digitalocean.com/documentation/spaces/#set-bucket-acls but I need to figure out my owner ID. I tried to do that via https://developers.digitalocean.com/documentation/spaces/#get-bucket-acls but using curl I keep getting and InvalidArgument error returned.
This was my attempt so far: curl -X GET -H “Authorization: Bearer MY-ACCESS-TOKEN” “https://MY-BUCKET.nyc3.digitaloceanspaces.com/?acl”
How can I supply the right arguments for getting the bucket acl?
GET /?acl HTTP/1.1
Host: static-images.nyc3.digitaloceanspaces.com x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date: 20170710T174434Z Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=71dfa4666fb740d40d05307a29321c65cc620cdb17e8a9cb83d4f0e1b1b9d236
I think I have a key to use for the signature, but wasn’t sure about the credential part.
Thanks for any help!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Using the following command I can mount a bucket on AMAZON_S3 so that any file placed there is then publicly accessible. I copy any file in
s3fs fcdn /var/www/fcdn -ourl=https://s3.us-east-2.amazonaws.com -o default_acl=public -ononempty
All subsequent copies to /var/www/fcdn immeditely appear on AMAZON_S3 and are always publicly readable. No issues.
However, when I mount to DO_Spaces with s3fs fcn /var/www/fivecent/image -ourl=https://nyc3.digitaloceanspaces.com -o default_acl=public
A subsequent copy of a file to image folder or per say to fcdn folder simply fails with cp zimage/*.png image/ cp: cannot create regular file ‘image/no_image.png’: Input/output error cp: cannot create regular file ‘image/placeholder.png’: Input/output error
Apparently there is a bug in the S3 API at DO. Hope someone looks into it.
Regards.
According to support, granting READ permission to AllUsers on a bucket just means they can list the bucket contents…
I don’t understand why there is not a ‘read any object’ permission on a bucket or a directory inside a bucket? Can anyone enlighten me? Seems like such a common use case.
Thanks!
Well, I answered a couple of my own questions, but it’s still not working.
I figured out that by using the Java API, or any other API it’s a lot easier to get and set the ACL. I am now able to do that, so I got my owner ID.
My current ACL looks like this in Java:
AccessControlList [owner=S3Owner [name=MY-OWNER-ID,id=MY-OWNER-ID], grants=[Grant [grantee=GroupGrantee [http://acs.amazonaws.com/groups/global/AllUsers], permission=READ], Grant [grantee=com.amazonaws.services.s3.model.CanonicalGrantee@e3da3b58, permission=FULL_CONTROL]]]
I granted myself full access and “AllUsers” read. However when I upload a new file using either the java api or s3cmd, it still is not readable in the browser :(
Any ideas on why it is not working? Thanks again!