[Cyberduck-trac] [Cyberduck] #9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner specification?)
Cyberduck
trac at trac.cyberduck.io
Tue Mar 1 17:07:47 UTC 2016
#9322: S3 ACLs can't be changed in third-party buckets (due to incorrect Owner
specification?)
------------------------+------------------------------
Reporter: bretmartin | Owner: dkocher
Type: defect | Status: assigned
Priority: normal | Milestone: 5.0
Component: s3 | Version: Nightly Build
Severity: normal | Resolution:
Keywords: | Architecture:
Platform: |
------------------------+------------------------------
Comment (by bretmartin):
Last update for now. I realized I incorrectly stated the problem in my
original description:
By turning on Cyberduck debug logging, I found that the ACL change
request included the '''canonical ID of the third party account''' in the
<Owner> element of the access control policy. However, the '''owner of the
object is our account, not the third party account.''' I believe this is
the reason for the "Access Denied" error from S3 and the difference in
behavior from the AWS CLI.
I had things inverted in this paragraph. Sorry for being confusing. It
should have read
By turning on Cyberduck debug logging, I found that the ACL change
request included the '''canonical ID of the bucket owner account''' in the
<Owner> element of the access control policy. However, the '''owner of the
object is the third party account, not the bucket owner account.''' I
believe this is the reason for the "Access Denied" error from S3 and the
difference in behavior from the AWS CLI.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9322#comment:7>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list