set-acl is used to configure the access control list (ACL) for a bucket or an object.

Note The commands described in this topic apply to Linux. To use the commands in other systems, replace ./ossutil in the command with the actual executable program name. For example, you can use the help command in 32-bit Windows systems by running ossutil32.exe help.

Command syntax

./ossutil set-acl oss://bucket[/prefix] [acl] [-r] [-b] [-f] [-c file]

Examples

  • Configure the ACL for a bucket
    ./ossutil set-acl oss://bucket1 private -b       
    Note You can set the following ACLs for a bucket:
    • private
    • public-read
    • public-read-write

    For more information about ACLs, see ACL-based access control.

  • Configure the ACL for a specified object
    ./ossutil set-acl oss://bucket1/path/object private                  
    Note You can set the following ACLs for an object:
    • default: The object inherits the ACL of the bucket to which it belongs.
    • private
    • public-read
    • public-read-write
  • Configure the ACL for all objects that have a specified prefix
    ./ossutil set-acl oss://bucket1/path/ private -r
  • Configure the ACL for objects that meet specified conditions
    When you configure ACLs, you can use --include and --exclude to select objects that meet specified conditions. For more information, see cp.
    • Set the ACL to private for all objects except objects in JPG format.
      ./ossutil set-acl oss://my-bucket1/path private --exclude "*.jpg" -r
    • Set the ACL to private for all objects that contain abc in their names and are not in JPG or TXT format
      ./ossutil set-acl oss://my-bucket1/path private --include "*abc*" --exclude "*.jpg" --exclude "*.txt" -r
  • Configure the ACL for a specified version of an object in a versioning-enabled bucket
    ./ossutil set-acl oss://bucket1/test.jpg private --version-id  CAEQARiBgID8rumR2hYiIGUyOTAyZGY2MzU5MjQ5ZjlhYzQzZjNlYTAyZDE3MDRk
    To use the --version-id option, you must run the ls --all-versions command to obtain version IDs of the object.
    Note The --version-id option can only be used for objects in versioning-enabled buckets. For more information about the command used to enable versioning on a bucket, see bucket-versioning.

Common options

The following table describes the options you can add to the set-acl command to set different ACLs for different objects.
Option Description
-r, --recursive Recursively performs operations on objects in a bucket. If this option is specified, the command that support this option will perform operations on all objects in a bucket that meet the specified conditions. If this option is not specified, the command will only perform operations on a single specified object.
-b, --bucket Specifies the bucket on which to perform an operation.
-f, --force Specifies whether to force an operation without prompting the user for confirmation.
--include Includes objects that match a specified string, such as *.jpg.
--exclude Excludes objects that match a specified string, such as *.txt.
-j, --jobs Specifies the number of concurrent operations performed across multiple objects. Valid values: 1 to 10000. Default value: 3.
--encoding-type Specifies the method used to encode the object name. If this option is specified, this value must be url. If this option is not specified, the object name is not encoded. Bucket names cannot be URL-encoded.
--output-dir Specifies the directory in which output objects are located. Output objects include report objects generated due to errors that occur when you use the cp command to copy multiple objects. For more information about the report objects, see the help information of the cp command. The default value is the ossutil_output directory in the current directory.
--loglevel Specifies the log level. The default value is null, indicating that no log files are generated. Valid values:
  • info: generates prompt logs.
  • debug: generates detailed logs that contain corresponding HTTP request and response information.
--retry-times Specifies the number of times an operation is retried if the operation fails. Valid values: 1 to 500. Default value: 10.
--version-id Specifies the version ID of an object in a bucket that has versioning enabled.
--proxy-host Specifies the URL of the proxy server. HTTP, HTTPS, and SOCKS5 proxies are supported. An example of the URL is http://120.79. **.**:3128 or socks5://120.79. **. **:1080.
--proxy-user Specifies the username for the proxy server. The default value is null.
--proxy-pwd Specifies the password for the proxy server. The default value is null.
Note For more information about common options, see View all supported options.