3
votes

My ACL permissions on my bucket are as follows:

<?xml version="1.0" ?>
<AccessControlList>
    <Owner>
        <ID>00b4903a97dfaa16aff41eeb91e90b5fb524f1daf0d88fceca29b6f647412e8d</ID>
    </Owner>
    <Entries>
        <Entry>
            <Scope type="GroupById">
                <ID>00b4903a97dfaa16aff41eeb91e90b5fb524f1daf0d88fceca29b6f647412e8d</ID>
            </Scope>
            <Permission>FULL_CONTROL</Permission>
        </Entry>
        <Entry>
            <Scope type="AllUsers"/>
            <Permission>READ</Permission>
        </Entry>
        <Entry>
            <Scope type="UserByEmail">
                <EmailAddress>my_app@appspot.gserviceaccount.com</EmailAddress>
            </Scope>
            <Permission>WRITE</Permission>
        </Entry>
    </Entries>
</AccessControlList>

But when I upload a new file to this bucket, it is not shared by default.

I think it should be, because of the AllUsers permission set to read.


2 Answers

10
votes

I think you are confusing bucket permissions and object permissions. The bucket is publicly readable so everyone can list the contents of the bucket but the object you upload has its own set of permissions. If you want an uploaded object to be publicly readable you need to enable that explicitly. You could use the following command to do that:

gsutil setacl public-read gs://bucket/object

Alternatively, you could set the default object ACL for the containing bucket to be publicly readable, using this command:

gsutil setdefacl public-read gs://bucket

The advantage of the latter is that every object uploaded to that bucket will automatically inherit public readability from the containing bucket.
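The bucket-versus-object distinction described above, as an added example that is not part of the original answer: it parses ACL documents in the XML format shown in the question and reports public grants on the bucket and on an object separately. The function names, the `OWNER_ID` placeholder and the object ACL are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Scope types that grant access beyond named identities.
PUBLIC_SCOPES = {"AllUsers", "AllAuthenticatedUsers"}

# Constructed sample: same shape as the bucket ACL in the question; OWNER_ID is a placeholder.
BUCKET_ACL = """<?xml version="1.0" ?>
<AccessControlList>
  <Owner><ID>OWNER_ID</ID></Owner>
  <Entries>
    <Entry><Scope type="GroupById"><ID>OWNER_ID</ID></Scope><Permission>FULL_CONTROL</Permission></Entry>
    <Entry><Scope type="AllUsers"/><Permission>READ</Permission></Entry>
    <Entry><Scope type="UserByEmail"><EmailAddress>
        my_app@appspot.gserviceaccount.com
      </EmailAddress></Scope><Permission>
        WRITE
      </Permission></Entry>
  </Entries>
</AccessControlList>"""

# Constructed sample: ACL of a freshly uploaded object with no public entry.
OBJECT_ACL = """<AccessControlList>
  <Owner><ID>OWNER_ID</ID></Owner>
  <Entries>
    <Entry><Scope type="UserById"><ID>OWNER_ID</ID></Scope><Permission>FULL_CONTROL</Permission></Entry>
  </Entries>
</AccessControlList>"""

def acl_grants(xml_text):
    """Return (scope_type, identity, permission) for every <Entry>."""
    grants = []
    for entry in ET.fromstring(xml_text.strip()).iter("Entry"):
        scope, perm = entry.find("Scope"), entry.findtext("Permission")
        if scope is None or perm is None:
            continue  # malformed entry: nothing to report
        # Identity sits in a child (ID, EmailAddress, ...); AllUsers has none.
        ident = next((c.text.strip() for c in scope if c.text and c.text.strip()), None)
        grants.append((scope.get("type"), ident, perm.strip()))
    return grants

def public_permissions(xml_text):
    """Permissions granted to a public scope (see PUBLIC_SCOPES)."""
    return {p for s, _, p in acl_grants(xml_text) if s in PUBLIC_SCOPES}

def audit(bucket_acl, object_acl):
    """Bucket READ means listing; only the object's own ACL makes it readable."""
    readable = {"READ", "FULL_CONTROL"}
    return {"bucket_publicly_listable": bool(public_permissions(bucket_acl) & readable),
            "object_publicly_readable": bool(public_permissions(object_acl) & readable)}
```

Calling `audit(BUCKET_ACL, OBJECT_ACL)` shows the situation in the question: the bucket can be listed publicly while the uploaded object is still private.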

4
votes

If you get: You are using a deprecated alias, "setdefacl", for the "defacl" ...

Use gsutil defacl set public-read gs://bucketname