How can I default a spaces bucket to public?

July 5, 2019 428 views
DigitalOcean

I would like to default either my whole space or a certain bucket to public, meaning any new files uploaded would get public without having to set headers, etc.

I currently use s3cmd or java s3 API to upload new files and I set the header x-amz-acl to a value of public-read. This works MOST of the time but sometimes for an unknown reason, some files still end up private.

I am trying to use s3cmd as detailed here: https://developers.digitalocean.com/documentation/spaces/#set-bucket-acls but I need to figure out my owner ID. I tried to do that via https://developers.digitalocean.com/documentation/spaces/#get-bucket-acls but using curl I keep getting an InvalidArgument error returned.

This was my attempt so far:
curl -X GET -H "Authorization: Bearer MY-ACCESS-TOKEN" "https://MY-BUCKET.nyc3.digitaloceanspaces.com/?acl"

How can I supply the right arguments for getting the bucket acl?

GET /?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T174434Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=71dfa4666fb740d40d05307a29321c65cc620cdb17e8a9cb83d4f0e1b1b9d236

I think I have a key to use for the signature, but wasn’t sure about the credential part.

Thanks for any help!
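As an added example (not part of the original post or of DigitalOcean's documentation), this sketch builds the signed `GET /?acl` headers shown above with AWS Signature Version 4: the `Credential` field is the Spaces access key followed by the `date/region/s3/aws4_request` scope, and the secret key is used only to derive the signature. The function name and the secret key are assumptions made for the example; the access key, host and date are the sample values from the request above.

```python
import hashlib
import hmac

# SHA-256 of an empty body: the x-amz-content-sha256 value for a GET.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_get_bucket_acl(access_key, secret_key, bucket, region, amz_date):
    """Build SigV4 headers for GET /?acl (helper name is hypothetical)."""
    host = f"{bucket}.{region}.digitaloceanspaces.com"
    headers = {"host": host,
               "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    names = sorted(headers)
    signed_headers = ";".join(names)
    # Canonical request: method, path, query ("acl" with an empty value),
    # header lines, signed header names, payload hash.
    canonical = "\n".join([
        "GET", "/", "acl=",
        "".join(f"{n}:{headers[n]}\n" for n in names),
        signed_headers, EMPTY_SHA256])
    # Credential scope: date/region/service/terminator.
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical.encode()).hexdigest()])
    # The secret key only seeds the HMAC chain; it is never sent.
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope},"
        f"SignedHeaders={signed_headers},Signature={signature}")
    return headers


if __name__ == "__main__":
    # Access key, host and date are the sample values from the request above;
    # the secret key is constructed for this example.
    for k, v in sign_get_bucket_acl("II5JDQBAN3JYM4DNEB6C", "constructed-secret",
                                    "static-images", "nyc3",
                                    "20170710T174434Z").items():
        print(f"{k}: {v}")
```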

3 Answers

Well, I answered a couple of my own questions, but it’s still not working.

I figured out that by using the Java API, or any other API it’s a lot easier to get and set the ACL. I am now able to do that, so I got my owner ID.

My current ACL looks like this in Java:

AccessControlList [owner=S3Owner [name=MY-OWNER-ID,id=MY-OWNER-ID], grants=[Grant [grantee=GroupGrantee [http://acs.amazonaws.com/groups/global/AllUsers], permission=READ], Grant [grantee=com.amazonaws.services.s3.model.CanonicalGrantee@e3da3b58, permission=FULL_CONTROL]]]

I granted myself full access and “AllUsers” read. However when I upload a new file using either the java api or s3cmd, it still is not readable in the browser :(

Any ideas on why it is not working? Thanks again!

According to support, granting READ permission to AllUsers on a bucket just means they can list the bucket contents…

I don’t understand why there is not a ‘read any object’ permission on a bucket or a directory inside a bucket? Can anyone enlighten me? Seems like such a common use case.

Thanks!

Using the following command I can mount a bucket on AMAZON_S3 so that any file placed there is then publicly accessible. I copy any file in

s3fs fcdn /var/www/fcdn -ourl=https://s3.us-east-2.amazonaws.com -o default_acl=public -ononempty

All subsequent copies to /var/www/fcdn immediately appear on AMAZON_S3 and are always publicly readable. No issues.

However, when I mount to DOSpaces with
s3fs fcn /var/www/fivecent/image -ourl=https://nyc3.digitaloceanspaces.com -o default_acl=public

A subsequent copy of a file to image folder or per se to fcdn folder simply fails with
cp zimage/*.png image/
cp: cannot create regular file ‘image/no_image.png’: Input/output error
cp: cannot create regular file ‘image/placeholder.png’: Input/output error

Apparently there is a bug in the S3 API at DO. Hope someone looks into it.

Regards.
