Skip to content

ACL

Use acl to get or set an object's canned ACL without uploading a new file.

Example, set an object to private:

sh
s3m acl backup/backups/file.dat --acl private

Retrieve the current ACL:

sh
s3m acl backup/backups/file.dat | xmllint --format -

xmllint is only used here to pretty-print the response.

During upload, you can also set a canned ACL with -a/--acl:

sh
s3m /path/to/file backup/backups/file.dat --acl public-read

The same --acl values are accepted when creating a bucket with cb.

Canned ACL options

--acl accepts the following canned ACLs:

ValueAccess granted
privateOwner gets FULL_CONTROL. No one else has access. (default)
public-readOwner gets FULL_CONTROL; the AllUsers group gets READ.
public-read-writeOwner gets FULL_CONTROL; the AllUsers group gets READ and WRITE. Not recommended.
authenticated-readOwner gets FULL_CONTROL; the AuthenticatedUsers group gets READ.
aws-exec-readOwner gets FULL_CONTROL; Amazon EC2 gets READ to the object (e.g. an AMI bundle).
bucket-owner-readObject owner gets FULL_CONTROL; the bucket owner gets READ. Applies to objects only.
bucket-owner-full-controlBoth the object owner and the bucket owner get FULL_CONTROL. Applies to objects only.

TIP

bucket-owner-read and bucket-owner-full-control only have an effect on objects; when used with cb they are ignored by S3.

Released under the BSD License.