Login/Register
How to configure minio to only allow anonymous users to download without allow to list bucket or object
Asked Answered
Solved minio
B

1

8

We have a minio server. Until now anonymous users were not able to do anything.

Now we want to allow them to download object when they know the path. e.g. https://minio.example.com/minio/download/image-bucket/cf1c42ad182849308c790d98dd89638f.png

I read that the command line mc and the web UI were not able to do this. I didn't found out how to achieve it without both tools.

What I did is create a new policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::images-live/*"
      ],
      "Sid": ""
    }
  ]
}

And adding it to the minio server with mc admin policy add minio getonly-policy policy-test.json.

Now I'm suppose to attach this to a user. How can I achieve this to attach it to an anonymous user?

Barthel answered 26/6, 2020 at 13:22 Comment(0)
T
11

You can use

mc policy set download play/test
Access permission for `play/test` is set to `download`

This will allow you to download objects. If you want to customize, please use mc policy set-json command

curl https://play.minio.io:9000/test/issue
Ubuntu 18.04.2 LTS \n \l
Thereupon answered 28/6, 2020 at 8:38 Comment(2)
Unable to set policy of a non S3 url minio/public. SetAccess is not supported for filesystemQuinnquinol
Solve it, I set the wrong alias.When I add the minio source use alias myminio,But when I set policy I use minio .Quinnquinol

© 2022 - 2024 — McMap. All rights reserved.