S3Sync.net

General Category => Feature Requests => Topic started by: rtec on September 18, 2007, 01:36:18 AM



Title: Ability to call s3sync with more permission/access control options
Post by: rtec on September 18, 2007, 01:36:18 AM
I would like the ability to call s3sync with more permission/access control options, in addition to the existing --public-read option.

I know that AWS supports 5 different levels, READ, WRITE, READ_ACP, WRITE_ACP and FULL_CONTROL.

Here is my situation:
I have a private bucket owned by me (aka "foo").  I have granted another user (aka "bar") read/write permission to this bucket.  All this can be done by a number of tools (I specifically used S3 Firefox Organizer).  This setup allows either "foo" or "bar" to write files to the bucket, and delete files from the bucket when using the --delete option.  The problem arises when "foo" tries to read "bar"'s uploaded data, or the opposite: permission is denied.

I would like a way for every file uploaded by "foo" to grant "bar" read access, and vice versa.

I have read a bit into the developer docs and it looks like this would use a non-canned ACL and therefore would require a second separate REST API call for each object that is uploaded.  This would be similar to what is shown here http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html, only using the first example from here http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingGrantees.html to specify the email address.  Maybe the information used to construct the ACL could be contained in the YAML config file?
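
The per-object ACL request described in the post above, sketched as an added example (not part of the original post and not s3sync code): it builds the AccessControlPolicy body for the follow-up `PUT ...?acl` call from a YAML fragment. The YAML key names, the owner ID placeholder and the e-mail address are assumptions made for illustration.

```ruby
require 'yaml'

# The five S3 ACL permissions named in the post.
PERMISSIONS = %w[READ WRITE READ_ACP WRITE_ACP FULL_CONTROL].freeze
XSI = 'http://www.w3.org/2001/XMLSchema-instance'

# Constructed sample config; key names (owner_id, grants, ...) are hypothetical.
SAMPLE_CONFIG = <<~YAML
  owner_id: EXAMPLE-CANONICAL-ID-OF-FOO
  grants:
    - email: bar@example.com
      permission: READ
YAML

# Escape values so config input cannot inject extra XML elements.
def xml_escape(text)
  text.to_s.gsub('&', '&amp;').gsub('<', '&lt;').gsub('>', '&gt;').gsub('"', '&quot;')
end

# One <Grant> element; rejects anything outside the five known permissions.
def grant_xml(type, field, value, permission)
  unless PERMISSIONS.include?(permission)
    raise ArgumentError, "unknown permission: #{permission.inspect}"
  end
  "<Grant><Grantee xmlns:xsi=\"#{XSI}\" xsi:type=\"#{type}\">" \
    "<#{field}>#{xml_escape(value)}</#{field}></Grantee>" \
    "<Permission>#{permission}</Permission></Grant>"
end

# Body for the second request (PUT /bucket/key?acl). That request replaces
# the whole ACL, so the owner's FULL_CONTROL grant is always written back.
def build_acl(config)
  owner = config.fetch('owner_id')
  grants = [grant_xml('CanonicalUser', 'ID', owner, 'FULL_CONTROL')]
  config.fetch('grants', []).each do |g|
    grants << grant_xml('AmazonCustomerByEmail', 'EmailAddress',
                        g.fetch('email'), g.fetch('permission'))
  end
  '<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">' \
    "<Owner><ID>#{xml_escape(owner)}</ID></Owner>" \
    "<AccessControlList>#{grants.join}</AccessControlList></AccessControlPolicy>"
end

puts build_acl(YAML.safe_load(SAMPLE_CONFIG)) if $PROGRAM_NAME == __FILE__
```

Granting only READ to the other account keeps READ_ACP and WRITE_ACP with the uploader, so the grantee can fetch the object but cannot inspect or change its ACL.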