Change default ACL to inherit #5711
Comments
Replying to [5711 Decker Jesse]:
Do you suggest the ACL should be inherited from the bucket? |
Replying to [comment:2 dkocher]:
Yessir. Thanks for clarifying. |
Replying to [comment:3 Decker Jesse]:
The issue here is that the semantics for ACLs on the bucket are not the same for the same ACL on a object in the bucket. Not sure if such a policy to copy the ACL from the bucket would always lead to the desired result. |
Wouldn't it be possible for this use case to apply a bucket policy? Refer to Granting Permission, Using Canonical ID, to a CloudFront Origin Identify. |
According to the Default ACLs in Cyberducks FAQ, if you have a default ACL specified in preferences, it will be applied to all uploaded files. However, if you turn this feature OFF, aka. uncheck the box "Change Permissions" under Preferenes >> Transfers tab >> Permissions tab >> Uploads section >> Change Permissions, the ACL that is applied is [Owner: FULL_CONTROL] only.
This behavior has been confirmed on 3.8 and current nightly build.
Private CloudFront distributions require special access, including a custom ACL. I would argue the better way would be to have the default be to apply an inherited ACL when the box is unchecked. This would eliminate the need to add a new user to the affected files after every upload.
Additionally, the functionality of forcing the upload to have [Owner: FULL_CONTROL] only would still be intact by enabling that checkbox and customizing the permissions.
On a side note, we use your software every day at work -- great stuff! Thank you so much!
The text was updated successfully, but these errors were encountered: