[Cyberduck-trac] [Cyberduck] #9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner specification?)
Cyberduck
trac at trac.cyberduck.io
Tue Mar 1 16:48:37 UTC 2016
#9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner
specification?)
------------------------+------------------------------
Reporter: bretmartin | Owner: dkocher
Type: defect | Status: assigned
Priority: normal | Milestone: 5.0
Component: s3 | Version: Nightly Build
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: |
------------------------+------------------------------
Comment (by bretmartin):
I have created bucket `bretmartin-cyberduck-trac-9322` with the following
bucket policy:
{{{
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "https://trac.cyberduck.io/ticket/9322",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::189584543480:user/TRAC-9322",
          "arn:aws:iam::597082535337:user/bam"
        ]
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::bretmartin-cyberduck-trac-9322",
        "arn:aws:s3:::bretmartin-cyberduck-trac-9322/*"
      ]
    }
  ]
}
}}}
`...:user/bam` is also a third party IAM user from outside the account
that owns this bucket. Using that user in Cyberduck 5.0 (19065), I did the
following:
* connected to S3 specifying path `/bretmartin-cyberduck-trac-9322` (since
it is outside the account of the connecting IAM user)
* uploaded `test.txt` successfully
* this object had a single ACL entry granting `FULL_CONTROL` to the third
party account (not the bucket owner) -- this is expected
* '''Command-I > Permissions''' on object `test.txt`, try to add
`FULL_CONTROL` ACL entry by Amazon Customer Email Address, supply
`bam at miranda.org` (email address for the bucket owner account)
* yields error: Cannot change permissions of test.txt. Access Denied.
Please contact your web hosting service provider for assistance. [ Cancel
] [ Try Again ]
I will run this test again in a moment with debug logging on and supply
relevant excerpts.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9322#comment:5>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows