Question

How can I default a spaces bucket to public?

Posted July 5, 2019 595 views
DigitalOcean

I would like to default either my whole space or a certain bucket to public, meaning any new files uploaded would get public without having to set headers, etc.

I currently use s3cmd or java s3 API to upload new files and I set the header x-amz-acl to a value of public-read. This works MOST of the time but sometimes for an unknown reason, some files still end up private.

I am trying to use s3cmd as detailed here: https://developers.digitalocean.com/documentation/spaces/#set-bucket-acls but I need to figure out my owner ID. I tried to do that via https://developers.digitalocean.com/documentation/spaces/#get-bucket-acls but using curl I keep getting and InvalidArgument error returned.

This was my attempt so far:
curl -X GET -H “Authorization: Bearer MY-ACCESS-TOKEN” “https://MY-BUCKET.nyc3.digitaloceanspaces.com/?acl

How can I supply the right arguments for getting the bucket acl?

GET /?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T174434Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=71dfa4666fb740d40d05307a29321c65cc620cdb17e8a9cb83d4f0e1b1b9d236

I think I have a key to use for the signature, but wasn’t sure about the credential part.

Thanks for any help!

Add a comment
Bmeist
By:
Bmeist
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
3 answers
Bmeist July 5, 2019

Well, I answered a couple of my own questions, but it’s still not working.

I figured out that by using the Java API, or any other API it’s a lot easier to get and set the ACL. I am now able to do that, so I got my owner ID.

My current ACL looks like this in Java:

AccessControlList [owner=S3Owner [name=MY-OWNER-ID,id=MY-OWNER-ID], grants=[Grant [grantee=GroupGrantee [http://acs.amazonaws.com/groups/global/AllUsers], permission=READ], Grant [grantee=com.amazonaws.services.s3.model.CanonicalGrantee@e3da3b58, permission=FULL_CONTROL]]]

I granted myself full access and “AllUsers” read. However when I upload a new file using either the java api or s3cmd, it still is not readable in the browser :(

Any ideas on why it is not working? Thanks again!

Reply Report
Bmeist July 15, 2019

According to support, granting READ permission to AllUsers on a bucket just means they can list the bucket contents…

I don’t understand why there is not a ‘read any object’ permission on a bucket or a directory inside a bucket? Can anyone enlighten me? Seems like such a common use case.

Thanks!

Reply Report
fskhan July 24, 2019

Using the following command I can mount a bucket on AMAZON_S3 so that any file placed there is then publicly accessible. I copy any file in

s3fs fcdn /var/www/fcdn -ourl=https://s3.us-east-2.amazonaws.com -o default_acl=public -ononempty

All subsequent copies to /var/www/fcdn immeditely appear on AMAZON_S3 and are always publicly readable. No issues.

However, when I mount to DOSpaces with
s3fs fcn /var/www/fivecent/image -ourl=https://nyc3.digitaloceanspaces.com -o defaultacl=public

A subsequent copy of a file to image folder or per say to fcdn folder simply fails with
cp zimage/*.png image/
cp: cannot create regular file ‘image/no_image.png’: Input/output error
cp: cannot create regular file 'image/placeholder.png’: Input/output error

Apparently there is a bug in the S3 API at DO. Hope someone looks into it.

Regards.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help