Amazon S3-如何下载匿名用户拥有的对象? [英] Amazon S3 - How do I download objects owned by anonymous user?

问题描述

我有一个示例网页，允许匿名用户上传对象并在S3存储桶中创建文件夹.

I have a sample web page that has allowed anonymous users to upload objects and create folders in my S3 bucket.

很遗憾，在执行此操作之前，我没有设置任何特定的存储桶策略或ACL.

Unfortunately I had not set any specific bucket policies or ACLs before doing this.

现在，我遇到了一个问题，其中匿名用户创建了一个文件夹并上传了我(作为root用户)无法下载或访问的对象.我计划在更多用户可以上传对象之前设置新的存储桶策略，但是现在我需要访问匿名用户拥有的这些当前对象.

Now I have the problem where an anonymous user has created a folder and uploaded objects which I (as the root user) cannot download or access. I plan to set up a new bucket policy before more users can upload objects, but right now I need access to these current objects owned by anonymous.

有人可以告诉我我该怎么做吗?

Can someone tell me how I can do this?

推荐答案

匿名用户"是指未经身份验证的用户"吗?如果是这样，那么您有两个选择(下面的#1和#2).如果没有，那么您就有一个选择(下面的#1).所有这些当然都假定您不能说服上传者自己修改这些对象上的ACL.

By 'anonymous user', do you mean 'unauthenticated user'? If so, then you have two options (#1 and #2 below). If not, then you have one option (#1 below). All of this assumes, of course, that you cannot persuade the uploader himself to modify the ACLs on these objects.

1. 删除对象.作为存储桶所有者，您始终可以删除对象(并停止为它们付款).

1. delete the objects. As the bucket owner, you can always delete objects (and stop paying for them).

成为对象所有者，并授予存储桶所有者(您)完全控制权.任何人都可以是未经身份验证的用户，因此也可以是对象所有者.

become the object owner and grant the bucket owner (you) full control. Anyone can be the unauthenticated user and hence the object owner.

这里是如何使用node.js和AWS JavaScript SDK对bkt/cat.jpg执行#2的示例.此代码以未经身份验证的用户身份调用putObjectAcl，并赋予存储桶所有者(您)对对象的完全控制权.

Here is an example of how to do #2 for bkt/cat.jpg using node.js and the AWS JavaScript SDK. This code invokes putObjectAcl as the unauthenticated user and gives the bucket owner (you) full control over the object.

var aws = require('aws-sdk');
var s3 = new aws.S3();
var p = { Bucket: 'bkt', Key: 'cat.jpg', ACL: 'bucket-owner-full-control' };
s3.makeUnauthenticatedRequest('putObjectAcl', p, function(e,d) {
  if (e) console.log('err: ' + e);
  if (d) console.log('data: ' + d);
});

不幸的是，awscli似乎不支持未经身份验证的S3调用，否则我会建议使用它来修改对象的ACL.

Unfortunately, the awscli does not appear to support unauthenticated S3 calls otherwise I would have proposed using that to modify the ACLs of the object.

请注意，罐头ACL bucket-owner-full-control给对象所有者和桶所有者完全控制.

Note that the canned ACL of bucket-owner-full-control gives both the object owner and the bucket owner full control.

这篇关于Amazon S3-如何下载匿名用户拥有的对象?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！