在S3上的文件权限 [英] Permissions of files on s3
问题描述
我对S3名为XYZ的水桶。内斗我在里面的786 / HTML /图像/ 786 / HTML / index.html,然后多张图片的HTML文件。该文件夹和文件具有完全控制所有者的权限。我使用AWS的红宝石SDK生成的URL为786 / HTML / index.html,然后页面工作正常,但在图像786 / HTML /图像没有被在786 / HTML / index.html的呈现。这是给我下面的错误在浏览器控制台: -
I have a bucket on S3 named xyz. Inside the bucket I have html file at 786/html/index.html and multiple images inside 786/html/images/. The folders and files have the permissions of full control for owner. I am using aws ruby-sdk for generating the url for 786/html/index.html and page is working fine but the images at 786/html/images are not being rendered in 786/html/index.html. It is giving me the following error on browser console:-
Failed to load resource: the server responded with a status of 403 (Forbidden)
现在我给了公共读取权限786 / HTML /图像。 786和786 / HTML拥有的权限仅拥有者。现在,786 / HTML / index.html的是能够渲染图像,但现在的图像也被public_url访问。我很困惑,786和786 / HTML没有公开的权限静态图像都可以访问。
Now I gave public read permission to 786/html/images. 786 and 786/html have the permissions for only owner. Now 786/html/index.html is able to render the images, but now the images are also accessible by public_url. I am confused as 786 and 786/html does not have public permissions still images are accessible.
一个可能的解决方案可以追加AwsAccessKey和签名的图像present源中的index.html里面。但是,当我们有多幅图像,因此我们需要有一个通用的签名。
A possible solution can be to append AwsAccessKey and signature to the source of image present inside the index.html. But as we have multiple images hence we need to have a generic signature.
建议需要
谢谢, Apurva Mayank
Thanks, Apurva Mayank
推荐答案
S3是对象存储。它不是一个层次文件系统,实际上并没有文件夹。
S3 is an object store. It is not a hierarchical filesystem and does not actually have "folders."
对象键可以有prefixes这是由公约分隔的 / 。
Object keys can have prefixes which are delimited by convention with /.
此给出的文件夹的假象,但是这不是因为作为一个实际的层次结构的相同。每个对象的权限是独立的,受政策(也可包括preFIX参考资料)。
This gives the illusion of folders, but this isn't the same as there being an actual hierarchy. Every object's permissions are independent, subject to policies (which can also include prefix references).
但要说786和786 / HTML没有公共许可,但786 / HTML /图像确实有公共权限拥有,因为这些文件夹实际上并没有关联的对象下的在S3中没有任何意义他们。
But to say "786 and 786/html does not have public permission" but "786/html/images" does have public permission has no meaning in S3 since the objects "under" those "folders" are not actually associated with them.
无论你是文件夹中的使用与你斗的工作可能给你一个IM pression的事情,否则,也可以manpulating对象的权限,并为您提供即时通讯pression这些权限继承。
Whatever you are using to work with your bucket may be giving you an impression that things are otherwise, or may be manpulating permissions of objects "in a folder" and giving you the impression that these permissions are inherited.
如果你的目的是使HTML文件可视只能用签名的URL,或使图像中可见只与网页(和自己没有下载),然后你的code也将需要完全限定并签署网址为嵌入式图像(和文件,如果你想要的是私有以及)。
If your intention is to make the html file viewable only with a signed URL, or to make the images visible only with the page (and not downloadable on their own) then your code will also need to fully-qualify and sign the urls for the embedded images (and the file, if you want that to be private as well).
这篇关于在S3上的文件权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
