How to disable google cloud storage bucket list from acl control?

StackOverflow https://stackoverflow.com/questions/19124162

Question

We're using google cloud storage as our CDN.

However, any visitors can list all files by typing: http://ourcdn.storage.googleapis.com/

How to disable it while all the files under the bucket is still public readable by default?

We previously set the acl using 

gsutil defacl ch -g AllUsers:READ
Était-ce utile?

La solution

In GCP dashboard:

  1. get in your bucket
  2. click "Permissions" tab and get in.
  3. in member list find "allUsers", change role from Storage Object Viewer to Storage Legacy Object Reader

then, listing should be disabled.

Update:

as @Devy comment, just check the note below here

Note: roles/storage.objectViewer includes permission to list the objects in the bucket. If you don't want to grant listing publicly, use roles/storage.legacyObjectReader.

Autres conseils

Upload an empty index.html file in the root of your bucket. Open the bucket settings and click Edit website configuration - set index.html as the Main Page.

It will prevent the listing of the directory.

Your defacl looks good. The problem is most likely that for some reason AllUsers must also have READ, WRITE, or FULL_CONTROL on the bucket itself. You can clear those with a command like this: 

gsutil acl ch -d AllUsers gs://bucketname

Your command set the default object ACL on the bucket to READ, which means that objects will be accessible by anyone. To prevent users from listing the objects, you need to make sure users don't have an ACL on the bucket itself.

gsutil acl ch -d AllUsers gs://yourbucket

should accomplish this. You may need to run a similar command for AllAuthenticatedUsers; just take a look at the bucket ACL with

gsutil acl get gs://yourbucket

and it should be clear.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top