[Cyberduck-trac] [Cyberduck] #9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner specification?)
Cyberduck
trac at trac.cyberduck.io
Tue Mar 1 17:05:06 UTC 2016
#9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner
specification?)
------------------------+------------------------------
Reporter: bretmartin | Owner: dkocher
Type: defect | Status: assigned
Priority: normal | Milestone: 5.0
Component: s3 | Version: Nightly Build
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: |
------------------------+------------------------------
Comment (by bretmartin):
Here is the original ACL on `test.txt` as retrieved using `aws s3api get-
object-acl ...`. Note in particular that the Owner is the ''third party
account'' with ID starting '''e455d7...''':
{{{
{
"Owner": {
"DisplayName": "aws",
"ID":
"e455d7150e7518eef8ed181a177463ef25e98fa91ba7b18ecdcb4181626ee607"
},
"Grants": [
{
"Grantee": {
"DisplayName": "aws",
"ID":
"e455d7150e7518eef8ed181a177463ef25e98fa91ba7b18ecdcb4181626ee607"
},
"Permission": "FULL_CONTROL"
}
]
}
}}}
Here is the XML of the ACL Cyberduck tries to set per my test above
(extracted from Cyberduck debug log entries):
{{{
<?xml version="1.0"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>ea495239f890028c88eb505804ee843a3c4b6eaa0f7033702baa21ddcebe7e00</ID>
<DisplayName>bam</DisplayName>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="CanonicalUser">
<ID>ea495239f890028c88eb505804ee843a3c4b6eaa0f7033702baa21ddcebe7e00</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="CanonicalUser">
<ID>e455d7150e7518eef8ed181a177463ef25e98fa91ba7b18ecdcb4181626ee607</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="AmazonCustomerByEmail">
<EmailAddress>bam at miranda.org</EmailAddress>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>
}}}
Note that the Owner has changed to the ''bucket owner account'' with ID
starting '''ea4952...'''. Unless I am mistaken, it is not possible to
change the ownership of an S3 object (normally the recommended solution to
change actual ownership is for the new owner to copy the object, and then
delete the original one). I believe this is causing the error.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9322#comment:6>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list