Question

How can I default a spaces bucket to public?

Posted July 5, 2019 1.2k views
DigitalOcean

I would like to default either my whole space or a certain bucket to public, meaning any new files uploaded would get public without having to set headers, etc.

I currently use s3cmd or java s3 API to upload new files and I set the header x-amz-acl to a value of public-read. This works MOST of the time but sometimes for an unknown reason, some files still end up private.

I am trying to use s3cmd as detailed here: https://developers.digitalocean.com/documentation/spaces/#set-bucket-acls but I need to figure out my owner ID. I tried to do that via https://developers.digitalocean.com/documentation/spaces/#get-bucket-acls but using curl I keep getting an InvalidArgument error returned.

This was my attempt so far:
curl -X GET -H "Authorization: Bearer MY-ACCESS-TOKEN" "https://MY-BUCKET.nyc3.digitaloceanspaces.com/?acl"

How can I supply the right arguments for getting the bucket acl?

GET /?acl HTTP/1.1

Host: static-images.nyc3.digitaloceanspaces.com
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20170710T174434Z
Authorization: AWS4-HMAC-SHA256 Credential=II5JDQBAN3JYM4DNEB6C/20170710/nyc3/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=71dfa4666fb740d40d05307a29321c65cc620cdb17e8a9cb83d4f0e1b1b9d236

I think I have a key to use for the signature, but wasn’t sure about the credential part.

Thanks for any help!
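
An added example (not part of the original post and not DigitalOcean's code): the Authorization header in the sample request above is an AWS Signature Version 4 header, where Credential is the Spaces access key followed by the date/region/service scope and Signature is an HMAC-SHA256 chain keyed with the secret key. The function name `sign_get_bucket_acl` and its parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# SHA-256 of an empty body; this is the x-amz-content-sha256 value shown above.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_get_bucket_acl(access_key, secret_key, bucket, region, now=None):
    """Return headers for a SigV4-signed `GET /?acl` (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = amz_date[:8]
    host = f"{bucket}.{region}.digitaloceanspaces.com"
    signed_headers = "host;x-amz-content-sha256;x-amz-date"

    # 1. Canonical request: method, path, query ("acl" with an empty value),
    #    sorted lowercase headers, a blank line, header names, payload hash.
    canonical_request = "\n".join([
        "GET", "/", "acl=",
        f"host:{host}",
        f"x-amz-content-sha256:{EMPTY_SHA256}",
        f"x-amz-date:{amz_date}",
        "",
        signed_headers,
        EMPTY_SHA256,
    ])

    # 2. String to sign, bound to the same scope that appears in Credential=.
    scope = f"{datestamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])

    # 3. Derive the signing key from the secret; the secret itself is never sent.
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

    return {
        "Host": host,
        "x-amz-content-sha256": EMPTY_SHA256,
        "x-amz-date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope},"
                         f"SignedHeaders={signed_headers},Signature={signature}",
    }
```

Send the returned headers with a GET to `https://<Host>/?acl` using any HTTP client.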

3 answers

Well, I answered a couple of my own questions, but it’s still not working.

I figured out that by using the Java API, or any other API, it’s a lot easier to get and set the ACL. I am now able to do that, so I got my owner ID.

My current ACL looks like this in Java:

AccessControlList [owner=S3Owner [name=MY-OWNER-ID,id=MY-OWNER-ID], grants=[Grant [grantee=GroupGrantee [http://acs.amazonaws.com/groups/global/AllUsers], permission=READ], Grant [grantee=com.amazonaws.services.s3.model.CanonicalGrantee@e3da3b58, permission=FULL_CONTROL]]]

I granted myself full access and “AllUsers” read. However, when I upload a new file using either the Java API or s3cmd, it still is not readable in the browser :(

Any ideas on why it is not working? Thanks again!

According to support, granting READ permission to AllUsers on a bucket just means they can list the bucket contents…

I don’t understand why there is not a ‘read any object’ permission on a bucket or a directory inside a bucket? Can anyone enlighten me? Seems like such a common use case.

Thanks!

Using the following command I can mount a bucket on AMAZON_S3 so that any file placed there is then publicly accessible. I copy any file in

s3fs fcdn /var/www/fcdn -ourl=https://s3.us-east-2.amazonaws.com -o default_acl=public -ononempty

All subsequent copies to /var/www/fcdn immediately appear on AMAZON_S3 and are always publicly readable. No issues.

However, when I mount to DOSpaces with
s3fs fcn /var/www/fivecent/image -ourl=https://nyc3.digitaloceanspaces.com -o default_acl=public

A subsequent copy of a file to image folder or per se to fcdn folder simply fails with
cp zimage/*.png image/
cp: cannot create regular file ‘image/no_image.png’: Input/output error
cp: cannot create regular file ‘image/placeholder.png’: Input/output error

Apparently there is a bug in the S3 API at DO. Hope someone looks into it.

Regards.
