Josef,

A co-maintainer of the radula project forwarded this message to me.

Our little project started specifically to address the handling of ACLs of uploaded objects through the S3 API, but has since grown to include other nice-to-haves. We noted that it was possible to upload objects to a bucket that the bucket owner could not control or even read. So we set about writing an upload tool (similar to s3cmd, awscli) that took care of the extra actions needed on our behalf.

For our clusters, we rely on bucket policies. The user that is the bucket owner retains FULL_CONTROL, while optional read-only users may also be present (with permissions READ + READ_ACP). With newly uploaded objects, radula synchronizes the object policy with the bucket policy, changing ownership if need be. We guard the write-enabled user closely, and typically issue keys to the read-only user to research staff.

If you want to look at our implementation, the source is at https://github.com/bibby/radula

But the short version is: after the upload, we set the object's ACL to a copy of the bucket's ACL.

- bibby
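The "upload, then copy the bucket's ACL onto the object" step described above, as an added example that is not part of the original message and is not radula's own code. It is written against the boto3 S3 client method names (get_bucket_acl, put_object, put_object_acl, get_object_acl) but takes the client as a parameter, and the FakeS3 class is a constructed in-memory stand-in so it runs offline; the user names (bucket-owner, researcher, some-other-user) and the bucket/key names are assumptions for illustration. One caveat the message does not mention: on AWS S3 the Owner element of a PutObjectAcl request does not transfer ownership of the object, so whether "changing ownership if need be" actually takes effect depends on the S3 implementation behind your cluster; the fake below models the behaviour the message describes, and the read-back check after the put is there precisely so a backend that silently ignores part of the request is caught.

```python
"""Added example (not radula's code): after uploading an object, copy the
bucket's ACL onto it so the bucket owner keeps control.  Uses the boto3 S3
client method names; FakeS3 is a constructed stand-in so this runs offline.
User and bucket names are assumed for illustration."""


def acl_to_policy(acl_response):
    """Reduce a get_*_acl response to the AccessControlPolicy body that
    put_object_acl accepts: only Owner and Grants, nothing else."""
    grants = []
    for grant in acl_response.get("Grants", []):
        grantee = {k: v for k, v in grant["Grantee"].items()
                   if k in ("Type", "ID", "DisplayName", "URI", "EmailAddress")}
        grants.append({"Grantee": grantee, "Permission": grant["Permission"]})
    return {"Owner": dict(acl_response["Owner"]), "Grants": grants}


def grants_signature(policy):
    """Order-independent view of who holds which permission, used to compare
    the ACL we asked for with the ACL the service actually stored."""
    sig = set()
    for grant in policy["Grants"]:
        g = grant["Grantee"]
        principal = g.get("ID") or g.get("URI") or g.get("EmailAddress")
        sig.add((g["Type"], principal, grant["Permission"]))
    return frozenset(sig)


def sync_object_acl(s3, bucket, key):
    """Set the object's ACL to a copy of the bucket's ACL, read it back and
    verify the grants match (a backend may ignore part of the request)."""
    wanted = acl_to_policy(s3.get_bucket_acl(Bucket=bucket))
    s3.put_object_acl(Bucket=bucket, Key=key, AccessControlPolicy=wanted)
    applied = acl_to_policy(s3.get_object_acl(Bucket=bucket, Key=key))
    if grants_signature(applied) != grants_signature(wanted):
        raise RuntimeError(f"ACL on {bucket}/{key} does not match bucket ACL")
    return applied


def upload_and_sync(s3, bucket, key, body):
    """The two-step procedure from the message: upload, then resync the ACL."""
    s3.put_object(Bucket=bucket, Key=key, Body=body)
    return sync_object_acl(s3, bucket, key)


class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client.  It models the
    problem in the message: an object uploaded by another user is created
    with that uploader as owner and sole grantee.  Unlike AWS S3, which does
    not change an object's owner via PutObjectAcl, this fake stores whatever
    Owner it is given, i.e. the ownership change the message describes."""

    def __init__(self, bucket_acl, uploader):
        self.bucket_acl = bucket_acl
        self.uploader = uploader
        self.objects = {}

    def get_bucket_acl(self, Bucket):
        return self.bucket_acl

    def put_object(self, Bucket, Key, Body):
        owner = {"ID": self.uploader, "DisplayName": self.uploader}
        self.objects[Key] = {"Body": Body, "Acl": {
            "Owner": owner,
            "Grants": [{"Grantee": dict(owner, Type="CanonicalUser"),
                        "Permission": "FULL_CONTROL"}]}}

    def put_object_acl(self, Bucket, Key, AccessControlPolicy):
        self.objects[Key]["Acl"] = acl_to_policy(AccessControlPolicy)

    def get_object_acl(self, Bucket, Key):
        return self.objects[Key]["Acl"]


# Constructed bucket ACL in the shape the message describes: the bucket owner
# holds FULL_CONTROL, a read-only research user holds READ + READ_ACP.
BUCKET_ACL = {
    "Owner": {"ID": "bucket-owner", "DisplayName": "bucket-owner"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "bucket-owner",
                     "DisplayName": "bucket-owner"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "CanonicalUser", "ID": "researcher",
                     "DisplayName": "researcher"}, "Permission": "READ"},
        {"Grantee": {"Type": "CanonicalUser", "ID": "researcher",
                     "DisplayName": "researcher"}, "Permission": "READ_ACP"},
    ],
}


def demo():
    """Upload as a third user, show the ACL before and after the resync."""
    s3 = FakeS3(BUCKET_ACL, uploader="some-other-user")
    s3.put_object(Bucket="data", Key="run1.csv", Body=b"a,b\n1,2\n")
    before = grants_signature(acl_to_policy(s3.get_object_acl(Bucket="data", Key="run1.csv")))
    after = grants_signature(sync_object_acl(s3, "data", "run1.csv"))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", sorted(before))
    print("after: ", sorted(after))
```

With a real boto3 client (`boto3.client("s3")` created with the write-enabled user's keys) in place of FakeS3, `upload_and_sync` performs the same upload-then-copy sequence; the read-back comparison is the check worth keeping, since it is what tells you whether the backend honoured the full grant list.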