'How to configure minio to only allow anonymous users to download without allow to list bucket or object
We have a minio server. Until now anonymous users were not able to do anything.
Now we want to allow them to download object when they know the path. e.g. https://minio.example.com/minio/download/image-bucket/cf1c42ad182849308c790d98dd89638f.png
I read that the command line mc and the web UI were not able to do this. I didn't found out how to achieve it without both tools.
What I did is create a new policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::images-live/*"
],
"Sid": ""
}
]
}
And adding it to the minio server with mc admin policy add minio getonly-policy policy-test.json.
Now I'm suppose to attach this to a user. How can I achieve this to attach it to an anonymous user?
Solution 1:[1]
You can use
mc policy set download play/test
Access permission for `play/test` is set to `download`
This will allow you to download objects. If you want to customize, please use mc policy set-json command
curl https://play.minio.io:9000/test/issue
Ubuntu 18.04.2 LTS \n \l
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | r1j1m1n1 |