Bug in application of bucket policy s3:PutObject?

If I want a user to be able only to put objects, and not download or delete
them, I have to apply a secondary statement denying the GetObject. Yet I did
not specify the GetObject.

This works:
    {
      "Sid": "put-only-objects-s2",
      "Effect": "Deny",
      "Principal": { "AWS": [ "arn:aws:iam::Company:user/user1",
                              "arn:aws:iam::Company:user/user2" ] },
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::testbucket/user1/*"
    },
    {
      "Sid": "put-only-objects-s3",
      "Effect": "Allow",
      "Principal": { "AWS": [ "arn:aws:iam::Company:user/user1",
                              "arn:aws:iam::Company:user/user2" ] },
      "Action": [
        "s3:ListBucket",
        "s3:HeadObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::testbucket/user1/*"
    },




This does not; you can still download the ones you upload.

    {
      "Sid": "put-only-objects-s3",
      "Effect": "Allow",
      "Principal": { "AWS": [ "arn:aws:iam::Company:user/user1",
                              "arn:aws:iam::Company:user/user2" ] },
      "Action": [
        "s3:ListBucket",
        "s3:HeadObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::testbucket/user1/*"
    },






_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
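
Added example, not part of the original message and not Ceph RGW code: a small evaluator that applies the usual explicit-deny, allow, implicit-deny precedence to the two policy variants from the post, to show that without the Deny statement s3:GetObject is only implicitly denied (no statement matches it). It models the policy document alone; the evaluator, its function names and the object key are constructed for illustration.

```python
import fnmatch

# Statements copied from the post; the evaluator around them is constructed.
PRINCIPALS = ["arn:aws:iam::Company:user/user1", "arn:aws:iam::Company:user/user2"]
RESOURCE = "arn:aws:s3:::testbucket/user1/*"
DENY = {"Sid": "put-only-objects-s2", "Effect": "Deny",
        "Principal": {"AWS": PRINCIPALS},
        "Action": ["s3:GetObject"], "Resource": RESOURCE}
ALLOW = {"Sid": "put-only-objects-s3", "Effect": "Allow",
         "Principal": {"AWS": PRINCIPALS},
         "Action": ["s3:ListBucket", "s3:HeadObject", "s3:PutObject"],
         "Resource": RESOURCE}
POLICY_WITH_DENY = {"Statement": [DENY, ALLOW]}   # the variant that "works"
POLICY_ALLOW_ONLY = {"Statement": [ALLOW]}        # the variant that does not

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource):
    # Handles only the {"AWS": ...} principal form used in the post.
    principals = _as_list(stmt["Principal"]["AWS"])
    if principal not in principals and "*" not in principals:
        return False
    # Action names compare case-insensitively; "*" wildcards are honoured.
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
               for a in _as_list(stmt["Action"])):
        return False
    return any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))

def evaluate(policy, principal, action, resource):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    decision = "implicit-deny"          # nothing matched: the policy is silent
    for stmt in policy["Statement"]:
        if not _matches(stmt, principal, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit-deny"      # a matching Deny always wins
        decision = "allow"
    return decision

def report(policy, principal, key):
    resource = "arn:aws:s3:::testbucket/" + key
    return {a: evaluate(policy, principal, a, resource)
            for a in ("s3:PutObject", "s3:GetObject", "s3:DeleteObject")}

if __name__ == "__main__":
    user = PRINCIPALS[0]
    for name, pol in (("with Deny", POLICY_WITH_DENY), ("Allow only", POLICY_ALLOW_ONLY)):
        print(name, report(pol, user, "user1/file.txt"))   # constructed object key
```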


