aws --endpoint-url=https://s3-api.us-geo.objectstorage.softlayer.net s3api put-object-acl --bucket mytestbucket --key foo.txt --acl public-read-write
aws --endpoint-url=https://s3-api.us-geo.objectstorage.softlayer.net s3api get-object-acl --bucket mytestbucket --key foo.txt
{
"Owner": {
"DisplayName": "b25ce81dcaa1498db3d1c802b3fdd",
"ID": "b25ce81dcaa1498db3d1c802b3fdd"
},
"Grants": [
{
"Grantee": {
"Type": "Group",
"URI": "ttp://acs.amazonaws.com/groups/global/AllUsers"
},
"Permission": "READ"
},
{
"Grantee": {
"Type": "CanonicalUser",
"DisplayName": "b25ce81dcaa1498db3d1c802b3fdd",
"ID": "b25ce81dcaa1498db3d1c802b3fdd"
},
"Permission": "FULL_CONTROL"
}
]
}
使用ACL仅在存储层级别才能授予特定帐户WRITE权限。仍然可以使用ACL罐头授予对象PUBLIC-READ-WRITE权限,但仅设置READ权限。
对象ACL仅限于授予特定帐户READ,READ_ACP(读取ACL)或WRITE_ACP(写ACL)权限,FULL_CONTROL授予所有三个权限。也就是说,您要发出的CLI命令是正确的,并且AWS对于对象ACL也有相同的限制。
有关创建对象ACL的更多信息,请参见API文档。