Amazon S3-如何下载匿名用户拥有的对象? [英] Amazon S3 - How do I download objects owned by anonymous user?
问题描述
我有一个示例网页,允许匿名用户上传对象并在S3存储桶中创建文件夹.
I have a sample web page that has allowed anonymous users to upload objects and create folders in my S3 bucket.
很遗憾,在执行此操作之前,我没有设置任何特定的存储桶策略或ACL.
Unfortunately I had not set any specific bucket policies or ACLs before doing this.
现在,我遇到了一个问题,其中匿名用户创建了一个文件夹并上传了我(作为root用户)无法下载或访问的对象.我计划在更多用户可以上传对象之前设置新的存储桶策略,但是现在我需要访问匿名用户拥有的这些当前对象.
Now I have the problem where an anonymous user has created a folder and uploaded objects which I (as the root user) cannot download or access. I plan to set up a new bucket policy before more users can upload objects, but right now I need access to these current objects owned by anonymous.
有人可以告诉我我该怎么做吗?
Can someone tell me how I can do this?
推荐答案
匿名用户"是指未经身份验证的用户"吗?如果是这样,那么您有两个选择(下面的#1和#2).如果没有,那么您就有一个选择(下面的#1).所有这些当然都假定您不能说服上传者自己修改这些对象上的ACL.
By 'anonymous user', do you mean 'unauthenticated user'? If so, then you have two options (#1 and #2 below). If not, then you have one option (#1 below). All of this assumes, of course, that you cannot persuade the uploader himself to modify the ACLs on these objects.
-
删除对象.作为存储桶所有者,您始终可以删除对象(并停止为它们付款).
delete the objects. As the bucket owner, you can always delete objects (and stop paying for them).
成为对象所有者,并授予存储桶所有者(您)完全控制权.任何人都可以是未经身份验证的用户,因此也可以是对象所有者.
become the object owner and grant the bucket owner (you) full control. Anyone can be the unauthenticated user and hence the object owner.
这里是如何使用node.js和AWS JavaScript SDK对bkt/cat.jpg执行#2的示例.此代码以未经身份验证的用户身份调用putObjectAcl,并赋予存储桶所有者(您)对对象的完全控制权.
Here is an example of how to do #2 for bkt/cat.jpg using node.js and the AWS JavaScript SDK. This code invokes putObjectAcl as the unauthenticated user and gives the bucket owner (you) full control over the object.
var aws = require('aws-sdk');
var s3 = new aws.S3();
var p = { Bucket: 'bkt', Key: 'cat.jpg', ACL: 'bucket-owner-full-control' };
s3.makeUnauthenticatedRequest('putObjectAcl', p, function(e,d) {
if (e) console.log('err: ' + e);
if (d) console.log('data: ' + d);
});
不幸的是,awscli似乎不支持未经身份验证的S3调用,否则我会建议使用它来修改对象的ACL.
Unfortunately, the awscli does not appear to support unauthenticated S3 calls otherwise I would have proposed using that to modify the ACLs of the object.
请注意,罐头ACL bucket-owner-full-control给对象所有者和桶所有者完全控制.
Note that the canned ACL of bucket-owner-full-control gives both the object owner and the bucket owner full control.
这篇关于Amazon S3-如何下载匿名用户拥有的对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!