Object Storage Service: set-acl

Last Updated: Oct 11, 2023

Access control lists (ACLs) are policies used to manage the access permissions on buckets and objects. You can configure the ACL for a bucket when you create the bucket or for an object after you upload the object to Object Storage Service (OSS). You can also modify the ACL of objects and buckets at any time. The set-acl command is used to configure or modify the ACL of buckets or objects.

Note

This topic provides sample command lines that are based on the 64-bit Linux system. For other systems, replace ./ossutil64 in the commands with the specific binary name. For more information, see ossutil.

Configure or modify the ACL of a bucket

  • Command syntax

    ./ossutil64 set-acl oss://bucketname acl -b [--retry-times <value>]

    The following table describes the options that you can configure to run the set-acl command.

    | Option | Description |
    | --- | --- |
    | bucketname | The name of the bucket whose ACL you want to configure or modify. |
    | acl | The ACL of the bucket. Valid values: private (default), public-read, and public-read-write. Each value is described below the table. |
    | -b | If you do not specify this option, the ACL specified in the command is the ACL of objects. To use the command to configure the bucket ACL, you must specify this option. |
    | --retry-times | The number of retries after the command fails to be run. Default value: 10. Valid values: 1 to 500. |

    Valid values of acl:

    • private (default): Only the bucket owner can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket.

    • public-read: Only the bucket owner can perform write operations on objects in the bucket. Other users, including anonymous users, can perform only read operations on the objects in the bucket. This may result in unauthorized access to the data in your bucket and high fees. If a user uploads prohibited data or information, your legal rights may be infringed. We recommend that you do not set the bucket ACL to public-read unless necessary.

    • public-read-write: All users, including anonymous users, can perform read and write operations on the objects in the bucket. This may result in unauthorized access to the data in your bucket and high fees. Proceed with caution when you set the bucket ACL to public-read-write.

  • Examples

    You can run the following command to set the ACL of a bucket named examplebucket to private:

    ./ossutil64 set-acl oss://examplebucket private -b   

Configure or modify the ACL of objects

  • Command syntax

    ./ossutil64 set-acl oss://bucketname[/prefix] acl
    [-r]
    [--include <value>] 
    [--exclude <value>]
    [--version-id <value>]
    [--job <value>] 
    [--retry-times <value>]
    [--encoding-type <value>]

    The following table describes the options that you can configure to run the set-acl command.

    | Option | Description |
    | --- | --- |
    | bucketname | The name of the bucket in which the objects whose ACL you want to configure or modify are stored. |
    | prefix | The resources in the bucket whose names contain the specified prefix, such as directories or objects. |
    | acl | The ACL of the objects. Valid values: default, private (default), public-read, and public-read-write. Each value is described below the table. |
    | -r | If you specify this option, ossutil configures the ACL of all objects whose names contain the prefix specified by the prefix option. If you do not specify this option, ossutil configures the ACL only of the object specified by cloud_url. |
    | --include | Specifies that the command applies to all objects that meet the specified conditions. For more information, see set-acl. |
    | --exclude | Specifies that the command applies to all objects that do not meet the specified conditions. For more information, see set-acl. |
    | --version-id | The version ID of the object whose ACL you want to configure or modify. This option applies only to objects in buckets for which versioning is enabled or suspended. |
    | --job | The number of concurrent tasks performed across multiple objects. Valid values: 1 to 10000. Default value: 3. |
    | --retry-times | The number of retries after the command fails to be run. Default value: 10. Valid values: 1 to 500. |
    | --encoding-type | The method used to encode the prefix that follows oss://bucket_name. Valid value: url. If you do not specify this option, the prefix is not encoded. |

    Valid values of acl:

    • default: The ACL of the objects is the same as the ACL of the bucket in which the objects are stored.

    • private (default): Only the bucket owner can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket.

    • public-read: Only the bucket owner can perform write operations on objects in the bucket. Other users, including anonymous users, can perform only read operations on the objects in the bucket. This may result in unauthorized access to the data in your bucket and high fees. If a user uploads prohibited data or information, your legal rights may be infringed. We recommend that you do not set the object ACL to public-read unless necessary.

    • public-read-write: All users, including anonymous users, can perform read and write operations on the objects in the bucket. This may result in unauthorized access to the data in your bucket and high fees. Proceed with caution when you set the object ACL to public-read-write.

  • Examples

    • You can run the following command to set the ACL of an object named exampleobject.txt in a bucket named examplebucket to private:

      ./ossutil64 set-acl oss://examplebucket/exampleobject.txt private
    • You can run the following command to set the ACL of a version of an object named exampleobject.txt in a bucket named examplebucket to private. The ID of the version is CAEQARiBgID8rumR2hYiIGUyOTAyZGY2MzU5MjQ5ZjlhYzQzZjNlYTAyZDE3****.

      ./ossutil64 set-acl oss://examplebucket/exampleobject.txt private --version-id CAEQARiBgID8rumR2hYiIGUyOTAyZGY2MzU5MjQ5ZjlhYzQzZjNlYTAyZDE3****
    • You can run the following command to set the ACL of objects whose names contain the test prefix in a bucket named examplebucket to default:

      ./ossutil64 set-acl oss://examplebucket/test default -r
    • You can run the following command to set the ACL of objects whose names contain the .jpg suffix in a bucket named examplebucket to private:

      ./ossutil64 set-acl oss://examplebucket private --include "*.jpg" -r
    • You can run the following command to set the ACL of objects whose names contain the string abc and do not contain the .png or .txt suffix in a bucket named examplebucket to default:

      ./ossutil64 set-acl oss://examplebucket default --include "*abc*" --exclude "*.png" --exclude "*.txt" -r
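
The following wrapper is an added example, not part of ossutil or of this documentation. It builds the bucket and object set-acl commands described above, rejects values outside the documented ranges, and refuses public-read and public-read-write unless explicitly allowed. ALLOW_PUBLIC, DRY_RUN, OSSUTIL and the function names are assumptions of this example, not ossutil options.

```shell
# Added example: guard wrapper around "ossutil64 set-acl".
# ALLOW_PUBLIC, DRY_RUN and OSSUTIL are hypothetical switches of this wrapper.

# check_acl TARGET ACL: TARGET is "bucket" or "object".
# Returns 0 if allowed, 2 if invalid, 3 if it would grant anonymous access.
check_acl() {
  case "$2" in
    private) return 0 ;;
    default)  # the page lists "default" for objects only
      [ "$1" = object ] && return 0
      echo "refused: 'default' is an object ACL, not a bucket ACL" >&2; return 2 ;;
    public-read|public-read-write)
      [ "${ALLOW_PUBLIC:-0}" = 1 ] && return 0
      echo "refused: $2 allows anonymous access (set ALLOW_PUBLIC=1)" >&2; return 3 ;;
    *) echo "refused: unknown ACL '$2'" >&2; return 2 ;;
  esac
}

# in_range VALUE MIN MAX: true if VALUE is a decimal integer in [MIN, MAX].
in_range() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# safe_set_acl TARGET URL ACL [RETRY_TIMES] [JOBS]
# Validates the arguments, then runs ossutil (or prints the command if DRY_RUN=1).
safe_set_acl() {
  local target="$1" url="$2" acl="$3" retry="${4:-10}" jobs="${5:-3}"
  case "$target" in bucket|object) ;; *) echo "refused: bad target" >&2; return 2 ;; esac
  case "$url" in oss://?*) ;; *) echo "refused: URL must start with oss://" >&2; return 2 ;; esac
  check_acl "$target" "$acl" || return $?
  in_range "$retry" 1 500 || { echo "refused: --retry-times must be 1 to 500" >&2; return 2; }
  set -- set-acl "$url" "$acl" --retry-times "$retry"
  if [ "$target" = bucket ]; then
    set -- "$@" -b   # without -b the ACL is applied to objects, not the bucket
  else
    in_range "$jobs" 1 10000 || { echo "refused: --job must be 1 to 10000" >&2; return 2; }
    set -- "$@" --job "$jobs"
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "${OSSUTIL:-./ossutil64} $*"
  else
    "${OSSUTIL:-./ossutil64}" "$@"
  fi
}

# Dry run: print the command that would set examplebucket to private.
DRY_RUN=1 safe_set_acl bucket oss://examplebucket private
```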

Common options

If you use ossutil to switch to a bucket that is located in another region, add the -e option to the command to specify the endpoint of the region in which the specified bucket is located. If you use ossutil to switch to a bucket that belongs to another Alibaba Cloud account, you can add the -i option to the command to specify the AccessKey ID of the specified account, and add the -k option to the command to specify the AccessKey secret of the specified account.

For example, you can run the following command to set the ACL of a bucket named examplebucket to private. The examplebucket bucket is located in the China (Hangzhou) region and owned by another Alibaba Cloud account.

./ossutil64 set-acl oss://examplebucket private -b -e oss-cn-hangzhou.aliyuncs.com -i LTAI4Fw2NbDUCV8zYUzA**** -k 67DLVBkH7EamOjy2W5RVAHUY9H****

For more information about other common options that you can use for the set-acl command, see View options.