This topic describes how to run the config command to create a configuration file that is used to store Object Storage Service (OSS) access information. You can add the -c option when you run other commands. This way, ossutil uses configurations in the specified configuration file to access OSS.

Notice Sample command lines in this topic are based on the 64-bit Linux system. For other systems, replace ./ossutil64 in the commands with the corresponding binary name. For more information, see ossutil.

Command syntax

You can run the command in interactive or non-interactive mode. In interactive mode, you must complete related configurations by using a configuration file before you run the config command. When you run the config command, ossutil directly reads configurations from the configuration file. In non-interactive mode, you must specify configuration items when you run the config command. Compared with the non-interactive mode, the interactive mode provides higher security.

Run the command in non-interactive mode by using the following command syntax:

./ossutil64 config 
[-e, --endpoint <value>] 
[-i, --access-key-id <value>] 
[-k, --access-key-secret <value>] 
[-t, --sts-token <value>]
[--ram-role-arn <value>]
[-L language <value>] 
[--output-dir <value>] 
[-c, --config-file <value>]

The following table describes the configuration items.

Configuration item Description
-e, --endpoint The endpoint of the region in which the bucket is located. For more information, see Regions and endpoints. To specify the protocol that ossutil uses to access OSS, add http:// or https://. The default protocol is HTTP.
-i, --access-key-id The AccessKey ID in the [Credentials] section of the configuration file. For more information about how to view the AccessKey ID information, see Obtain an AccessKey pair.
-k, --access-key-secret The AccessKey secret in the [Credentials] section of the configuration file. For more information about how to view the AccessKey secret information, see Obtain an AccessKey pair.
-t, --sts-token The Security Token Service (STS) token used to access OSS. You need to configure this item only when you use STS for temporary access to OSS. For more information about how to generate an STS token, see the "Temporary access credential" section in Authorized third-party upload.
--ram-role-arn The Alibaba Cloud Resource Name (ARN) of the Resource Access Management (RAM) role used to authenticate requests. You need to configure this item only when you call AssumeRole to access OSS as a RAM user.
-L language The language that is used by ossutil. Default value: CH. Valid values:
  • CH: Chinese. If you plan to set this configuration item to CH, make sure that your system supports UTF-8 encoding.
  • EN: English.
--output-dir The directory in which the output objects are located. Output objects include report objects generated due to errors that occur when you run the cp command to copy multiple objects.

Default value: the ossutil_output directory in the current directory.

-c, --config-file The configuration file path of ossutil. ossutil reads the configuration file during startup.


  • Generate a configuration file in interactive mode
    ./ossutil64 config
    Enter the name of the configuration file. The file name can contain a path. The default path is /home/user/.ossutilconfig. If you press Enter without specifying a different destination, the file will be generated in the default path. 
    If you want to generate the file in another path, set the --config-file option to the path. 
    If you do not enter the path of the configuration file, the default configuration file /home/user/.ossutilconfig is used.  
    If you press the Enter key without configuring the following parameters, these parameters are ignored. To obtain more information about the parameters, run the help config command.  
    Enter the endpoint: 
    Enter the AccessKey ID: yourAccessKeyID 
    Enter the AccessKey secret: yourAccessKeySecret
    Enter the STS token: yourStsToken
  • Generate a configuration file in non-interactive mode
    ./ossutil64 config -e -i LTAIbZcdVCmQ**** -k D26oqKBudxDRBg8Wuh2EWDBrM0****  -L CH -c /myconfig

    If you specify options other than -L language and -c, --config-file when you run the config command, the non-interactive mode is used. Then, you must use options to specify all configuration items.

Modify the configuration file

You can modify OSS access information by modifying the generated configuration file. The configuration file of ossutil is in the following format:
        language = CH
        endpoint =
        accessKeyID = your_accesskey_id
        accessKeySecret = your_accesskey_secret
        stsToken = your_sts_token
        outputDir = your_output_dir
        ramRoleArn = your_ram_role_arn
        bucket1 = endpoint1
        bucket2 = endpoint2
        bucket1 = cname1
        bucket2 = cname2
  • Bucket-Endpoint: Specify an endpoint for each specified bucket.
  • Bucket-Cname: Configure a CNAME for each specified bucket. For more information about CNAMEs, see Map custom domain names.
  • AkService: This item is required if you need to use a RAM role bound to an Elastic Compute Service (ECS) instance to perform operations on OSS. When you configure this item, you need only to set EcsRamRoleTesting to the name of the RAM role bound to the ECS instance. After you configure this item, you can ignore the AccessKey ID, AccessKey Secret, and STSToken items. If you configure AccessKey ID, the AkService configuration does not take effect. The AccessKey ID, AccessKey Secret, and STSToken configurations are used to verify your identity. For more information about how to bind a RAM role to an ECS instance, see Bind an instance RAM role.
  • In the later version of ossutil, you do not need to specify Bucket-Endpoint or Bucket-Cname if you use the interactive mode. You can specify an endpoint or a CNAME for each bucket in the configuration file.
  • ossutil allows you to specify endpoints by using different methods. The following endpoint configurations take effect in descending order: endpoints specified by the --endpoint option in the command, endpoints specified in [Bucket-Cname], endpoints specified in [Bucket-Endpoint], and endpoints specified in [Credentials].