How do I programmatically check Amazon S3 permissions with boto?

2023-09-11 09:11:02 Author: 狂奔的低聲貝

We have a bushy tree in a bucket on Amazon S3 with a large number of files. I just discovered that while some files have two permissions entries, as seen if one clicks on a file in the AWS Management Console, then properties -> permissions, one line being "everyone" and the other some specific user, other files just have one entry for that user. As a result, we're having issues downloading those files to Amazon EC2 instances using boto or curl.

What I need to do is go over all files in the bucket and inspect them. I know how to get the full list of keys for a prefix. Can I use boto to extract permissions for a key, and is there a standard way of testing if those permissions are for everyone or someone specific, and what they are?

Also, once I determine if a key has restrictive permissions, can I programmatically change them by adding read permissions to "everyone"?

THX

Recommended answer

Here is some Python code, using boto, that would look through all of the keys in a bucket. If the key does not allow "everyone" to read the contents of the key, it will add public-read permissions to that key:

import boto

# Canonical URI of the S3 "AllUsers" group, i.e. "everyone" in the console.
all_users = 'http://acs.amazonaws.com/groups/global/AllUsers'
conn = boto.connect_s3()
bucket = conn.get_bucket('mybucket')

for key in bucket:
    readable = False
    # One GetObjectAcl request per key; Policy.acl.grants holds the grant list.
    acl = key.get_acl()
    for grant in acl.acl.grants:
        if grant.permission == 'READ':
            # Group grants carry a uri; user grants carry an id instead.
            if grant.uri == all_users:
                readable = True
    if not readable:
        # Adds a READ grant for AllUsers (public-read) to this key only.
        key.make_public()

This code has not been thoroughly tested so you should try things out first. Also, be clear that the net result of this is to make ALL of the objects in the bucket readable by anyone. Also keep in mind that this script is fetching the current ACL of every object in the bucket so if there are millions of objects, that's millions of requests which can take a lot of time and has some cost associated with it.

Another approach would be to just call make_public() on every key in the bucket, regardless of its current ACL.
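As an added example, not from the answer above, here is the same ACL test for the first part of the question (who can read a key, "everyone" or a specific grantee) written against the boto3 object-ACL format, assuming the Grants list shape returned by get_object_acl and a client passed in by the caller. It only reports, it changes nothing, so it can be run over the bucket before deciding which keys actually need a public-read grant; it also treats FULL_CONTROL as implying READ, which the answer's READ-only check misses.

```python
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# FULL_CONTROL includes READ, so a public FULL_CONTROL grant also makes the object readable.
READ_PERMS = {"READ", "FULL_CONTROL"}


def summarize_acl(grants):
    """Classify a boto3-style Grants list: who can read this object?"""
    summary = {"public_read": False, "auth_users_read": False, "specific": []}
    for grant in grants:
        grantee, perm = grant["Grantee"], grant["Permission"]
        if grantee.get("Type") == "Group":
            if grantee.get("URI") == ALL_USERS and perm in READ_PERMS:
                summary["public_read"] = True
            elif grantee.get("URI") == AUTH_USERS and perm in READ_PERMS:
                summary["auth_users_read"] = True
        else:
            # CanonicalUser grant: record the account ID (or display name) and permission
            summary["specific"].append((grantee.get("ID", grantee.get("DisplayName", "?")), perm))
    return summary


def audit_bucket(s3, bucket, prefix=""):
    """Yield (key, summary) for every object under prefix; one GetObjectAcl call per object."""
    paginator = s3.get_paginator("list_objects_v2")
    for page in paginator.paginate(Bucket=bucket, Prefix=prefix):
        for obj in page.get("Contents", []):
            acl = s3.get_object_acl(Bucket=bucket, Key=obj["Key"])
            yield obj["Key"], summarize_acl(acl["Grants"])


# Constructed sample ACLs mirroring the two cases in the question (IDs are placeholders).
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID", "DisplayName": "owner"}
TWO_ENTRY_ACL = [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
ONE_ENTRY_ACL = [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]

if __name__ == "__main__":
    import boto3  # assumption: boto3 is installed and credentials are configured

    for key, summary in audit_bucket(boto3.client("s3"), "mybucket"):
        if not summary["public_read"]:
            print(key, summary)
```

The per-object request cost noted in the answer applies here too: audit_bucket issues one GetObjectAcl call for every key listed.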