尽管我是所有者，但仍无法以所有者身份访问资源 [英] Can't access resource as OWNER despite the fact I'm the owner

问题描述

我正在尝试对存储桶和资源进行操作，但我不断收到拒绝访问错误

I'm trying to act on a bucket and resources but I keep getting access denied error

例如

```

$ gsutil ls -L gs://images/large

$ gsutil ls -L gs://images/large

gs://images/large/aa.png:
   Creation time:       Tue, 25 Nov 2014 20:03:19 GMT
   Cache-Control:       public, max-age=2592000
   Content-Length:      343034
   Content-Type:        image/png
   Generation:      1416945799570000
   Metageneration:      2
   ACL:     ACCESS DENIED. Note: you need OWNER permission
            on the object to read its ACL.

```

与尝试运行acl操作或覆盖文件相同.

Same when I try to run acl operations or override a file.

推荐答案

首先，我想提一下，作为存储桶拥有者意味着始终可以删除存储在该存储桶中的对象，但您可能不会如果默认ACL被覆盖，则具有对象所有者权限.这不同于在具有超级用户概念的情况下流行的操作系统的工作方式.

First of all, I'd like to mention that being the bucket owner means that you are always allowed to delete the objects stored in that bucket but you may not have object owner permissions if the default ACLs were overridden. This is different from how popular operating systems work where there is the concept of a super-user.

您是否尝试使用现有的服务帐户运行该命令在APIs&的开发者控制台中列出的项目中.身份验证->凭据?

Did you try to run that command using the existing service accounts in your project listed in the Developers Console at APIs & auth -> Credentials?

如果仍然出现该错误，则该对象可能是通过App Engine上传的.您可以使用以下代码 Python 创建一个App Engine应用程序. "https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls/list" rel ="nofollow">使用JSON API列出对象ACL ，因为App Engine拥有自己的服务帐户( <project ID>@appspot.gserviceaccount.com)，与开发者控制台中显示的内容不同.

If you are still getting that error, the object was probably uploaded through App Engine. You can make an App Engine application in Python with the following code which lists the object ACLs using the JSON API because App Engine has its own service account (<project ID>@appspot.gserviceaccount.com) and it's different from that appear in the Developers Console.

#!/usr/bin/env python                                                                                                                     
import webapp2
from google.appengine.api import app_identity
from google.appengine.api import urlfetch


class MainPage(webapp2.RequestHandler):
    def get(self):
        scope = "https://www.googleapis.com/auth/devstorage.full_control"
        authorization_token, _ = app_identity.get_access_token(scope)
        acls = urlfetch.fetch(
            "https://www.googleapis.com/storage/v1/b/<bucket>/o/<object/acl",
            method=urlfetch.GET,
            headers = {"Content-Type": "application/json", "Authorization": "OAuth " + authorization_token})
        self.response.headers['Content-Type'] = 'application/json'
        self.response.write(acls.content)

application = webapp2.WSGIApplication([
    ('/', MainPage),
], debug=True)

这篇关于尽管我是所有者，但仍无法以所有者身份访问资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！