How to configure minio to only allow anonymous users to download without allow to list bucket or object

Question

We have a minio server. Until now anonymous users were not able to do anything.

Now we want to allow them to download object when they know the path. e.g. https://minio.example.com/minio/download/image-bucket/cf1c42ad182849308c790d98dd89638f.png

I read that the command line mc and the web UI were not able to do this. I didn't found out how to achieve it without both tools.

What I did is create a new policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::images-live/*"
      ],
      "Sid": ""
    }
  ]
}

And adding it to the minio server with mc admin policy add minio getonly-policy policy-test.json.

Now I'm suppose to attach this to a user. How can I achieve this to attach it to an anonymous user?

score 8 · Accepted Answer · answered Jun 28 '20 at 08:38

8

You can use

mc policy set download play/test
Access permission for `play/test` is set to `download`

This will allow you to download objects. If you want to customize, please use mc policy set-json command

curl https://play.minio.io:9000/test/issue
Ubuntu 18.04.2 LTS \n \l

answered Jun 28 '20 at 08:38

r1j1m1n1

345
1
4

Unable to set policy of a non S3 url `minio/public`. `SetAccess` is not supported for `filesystem` – alan9uo Mar 15 '21 at 10:29
Solve it, I set the wrong alias.When I add the minio source use alias myminio，But when I set policy I use minio . – alan9uo Mar 16 '21 at 01:43

How to configure minio to only allow anonymous users to download without allow to list bucket or object

1 Answers1