Can't access resource as OWNER despite the fact I'm the owner

I'm trying to act on a bucket and resources but I keep getting an access denied error, e.g.

```
$ gsutil ls -L gs://images/large
gs://images/large/aa.png:
   Creation time:       Tue, 25 Nov 2014 20:03:19 GMT
   Cache-Control:       public, max-age=2592000
   Content-Length:      343034
   Content-Type:        image/png
   Generation:      1416945799570000
   Metageneration:      2
   ACL:     ACCESS DENIED. Note: you need OWNER permission
            on the object to read its ACL.
```

Same when I try to run acl operations or override a file.

Desiredesirea answered 27/11, 2014 at 15:36 Comment(1)
How was the object written? Is there a default object ACL set on the bucket? You can check with `gsutil defacl get gs://bucketname` (Apportionment)

First of all, I'd like to mention that being the bucket owner means that you are always allowed to delete the objects stored in that bucket but you may not have object owner permissions if the default ACLs were overridden. This is different from how popular operating systems work where there is the concept of a super-user.

Did you try to run that command using the existing service accounts in your project listed in the Developers Console at APIs & auth -> Credentials?

If you are still getting that error, the object was probably uploaded through App Engine. You can make an App Engine application in Python with the following code, which lists the object ACLs using the JSON API, because App Engine has its own service account (`<project ID>@appspot.gserviceaccount.com`) and it's different from those that appear in the Developers Console.

```python
#!/usr/bin/env python
import webapp2
from google.appengine.api import app_identity
from google.appengine.api import urlfetch


class MainPage(webapp2.RequestHandler):
    def get(self):
        # Get an OAuth token for the App Engine default service account
        # (<project ID>@appspot.gserviceaccount.com).
        scope = "https://www.googleapis.com/auth/devstorage.full_control"
        authorization_token, _ = app_identity.get_access_token(scope)
        # List the object's ACL entries through the JSON API.
        # Replace <bucket> and <object> with your own names.
        acls = urlfetch.fetch(
            "https://www.googleapis.com/storage/v1/b/<bucket>/o/<object>/acl",
            method=urlfetch.GET,
            headers={"Content-Type": "application/json",
                     "Authorization": "OAuth " + authorization_token})
        # Return the raw JSON response to the caller.
        self.response.headers['Content-Type'] = 'application/json'
        self.response.write(acls.content)


application = webapp2.WSGIApplication([
    ('/', MainPage),
], debug=True)
```
Abbotson answered 2/2, 2015 at 8:13 Comment(0)
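
The rule this answer describes (reading an object's ACL needs OWNER on the object itself, whatever your role on the bucket) can be checked against the JSON that the handler above returns. The following is an added example, not part of the original answer; the sample ACL, e-mail addresses and project number are constructed, and group entries are not resolved.

```python
import json

# Constructed sample of an objectAccessControls list, the shape returned by
# GET https://www.googleapis.com/storage/v1/b/<bucket>/o/<object>/acl.
# The e-mail addresses and the project number are made up.
SAMPLE_ACL = json.dumps({
    "kind": "storage#objectAccessControls",
    "items": [
        {"entity": "user-my-project@appspot.gserviceaccount.com",
         "email": "my-project@appspot.gserviceaccount.com", "role": "OWNER"},
        {"entity": "project-viewers-123456789", "role": "READER",
         "projectTeam": {"projectNumber": "123456789", "team": "viewers"}},
        {"entity": "allUsers", "role": "READER"},
    ],
})

RANK = {None: 0, "READER": 1, "OWNER": 2}


def object_role(acl_json, email, project_number=None, team=None):
    """Return the strongest object role ("OWNER", "READER" or None) the ACL
    grants to `email`. `team` ("owners", "editors" or "viewers") is the
    caller's team in project `project_number`, if any. Group entries are
    skipped because resolving them needs a directory lookup."""
    best = None
    for entry in json.loads(acl_json).get("items", []):
        entity = entry.get("entity", "")
        matches = (
            entity in ("allUsers", "allAuthenticatedUsers")
            or entity == "user-" + email
            or entity == "domain-" + email.split("@")[-1]
            or (team is not None
                and entity == "project-%s-%s" % (team, project_number))
        )
        role = entry.get("role")
        if matches and RANK.get(role, 0) > RANK[best]:
            best = role
    return best


def can_read_acl(acl_json, email, project_number=None, team=None):
    """Reading or changing an object's ACL requires OWNER on that object."""
    return object_role(acl_json, email, project_number, team) == "OWNER"
```

With the sample ACL, a member of the project's owners team gets only READER on the object (through `allUsers`), which matches the symptom in the question: the metadata lists, but the ACL line reports ACCESS DENIED.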
