Set Object ACL


Before setting ACL permissions, we recommend you read Managing S3 Access Control Lists (ACLs).

s3cmd [-c CONFIGFILE] setacl s3://BUCKET/OBJECT [--acl-grant=PERMISSION:{USER_VAST_ID|GROUP}] [--acl-revoke=PERMISSION:{USER_VAST_ID|GROUP}]

CONFIGFILE

Configuration file. Defaults to $HOME/.s3cfg

BUCKET

Name of bucket

OBJECT

Name of object

--acl-grant

Grant stated permission for stated user or group.

--acl-revoke

Revoke stated permission for stated user or group.

PERMISSION

Type of permission to grant or revoke:

  • read

  • write

  • read_acp

  • write_acp

  • full_control

  • all

USER

A user to which you want to grant the permission. Can be specified as:

  • A principal name in the format user@domain, where user is the user name and domain is configured for an external auth provider on the cluster (LDAP, NIS).  

    Note

    Users on the local provider cannot be specified this way.

  • A VID, which is a VAST ID used in the cluster's internal user database.

GROUP

A group to which you want to grant the permission. The group can be specified as follows:

  • Set the type to GroupLoginName and specify the group in the format group@domain, where group is the group name and domain is configured for an external auth provider on the cluster (such as LDAP).

  • Specify the group's VID, which is the VAST ID used in the cluster's internal user database.

If you want to grant permissions to an S3 predefined group, specify one of the following:

  • http://acs.amazonaws.com/groups/global/AllUsers, or

  • http://acs.amazonaws.com/groups/global/AuthenticatedUsers

Example

Grant write permission to object myfile.asp in bucket mybucket to the user whose VID is 6:

$ s3cmd -c vast.s3cfg setacl s3://mybucket/myfile.asp --acl-grant=write:6

Grant read permission to object myfile.asp in bucket mybucket to group mygroup@domain.com:

$ s3cmd -c vast.s3cfg setacl s3://mybucket/myfile.asp --acl-grant=read:'groupLoginName=mygroup@domain.com'
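A pre-flight check for the value passed to --acl-grant or --acl-revoke, as an added example that is not part of the original page or of s3cmd. The function name check_acl_spec and its return codes are hypothetical; it checks PERMISSION against the list above, splits on the first colon only (the predefined group URIs contain a colon themselves), and flags the two S3 predefined groups so that a grant to them is a deliberate choice.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of s3cmd).
# check_acl_spec SPEC
#   returns 0: well-formed PERMISSION:GRANTEE
#   returns 1: malformed (no colon, unknown permission, empty grantee)
#   returns 2: well-formed, but the grantee is an S3 predefined group
check_acl_spec() {
    spec=$1
    case $spec in
        *:*) ;;
        *) echo "malformed: expected PERMISSION:GRANTEE"; return 1 ;;
    esac

    # Split on the FIRST colon: the grantee may be a URI containing ':'.
    perm=${spec%%:*}
    grantee=${spec#*:}

    # Permissions listed under PERMISSION on this page.
    case $perm in
        read|write|read_acp|write_acp|full_control|all) ;;
        *) echo "malformed: unknown permission '$perm'"; return 1 ;;
    esac

    if [ -z "$grantee" ]; then
        echo "malformed: empty grantee"
        return 1
    fi

    # The two S3 predefined groups named on this page.
    case $grantee in
        http://acs.amazonaws.com/groups/global/AllUsers|\
        http://acs.amazonaws.com/groups/global/AuthenticatedUsers)
            echo "review: '$perm' targets predefined group ${grantee##*/}"
            return 2 ;;
    esac

    echo "ok: '$perm' for '$grantee'"
    return 0
}

# Constructed sample values; nothing here contacts a cluster.
for s in 'write:6' \
         'read:groupLoginName=mygroup@domain.com' \
         'read:http://acs.amazonaws.com/groups/global/AllUsers' \
         'delete:6'; do
    check_acl_spec "$s" || true
done
```

Run the check on the value first and call s3cmd setacl only when it returns 0, or 2 after the grant to the predefined group has been confirmed as intended.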