s3proxy
Option for default access level to objects on filesystem provider
It seems that when
jclouds.provider=filesystem
jclouds.filesystem.basedir=./s3_base
configuration was used, any file with a known full path inside ./s3_base
could be retrieved by an anonymous user regardless of the s3proxy.authorization
setting.
It could be useful to add an option for default access level to objects on filesystem provider.
I'm trying to understand the use case -- you configured S3Proxy to allow anonymous access but only want to allow access to x-amz-acl public-read and not private? By default jclouds FilesystemStorageStrategyImpl.getBlobAccess uses the PosixFilePermission.OTHERS_READ bit to determine whether to allow public access. Does this match your expectations?
My full config is as follows:
s3proxy.secure-endpoint=https://x.x.x.x
s3proxy.authorization=aws-v2-or-v4
s3proxy.identity=some_id
s3proxy.credential=some_key
s3proxy.cors-allow-all=true
s3proxy.virtual-host=some_host
s3proxy.ignore-unknown-headers=true
s3proxy.keystore-path=keystore.jks
s3proxy.keystore-password=keystore_pass
s3proxy.bucket-locator.1=bucket
jclouds.provider=filesystem
jclouds.filesystem.basedir=./s3_base
So I believe a client should only be able to access any data after authorization with some_id:some_key, and this is indeed true for file listing or write operations; however, clients are able to access data on a known path anonymously, which is the cause of my confusion.
I'll try to revoke PosixFilePermission.OTHERS_READ bit from my filesystem storage. Thank you,
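
The following is an added example, not part of the thread and not S3Proxy or jclouds code: a Python audit of a filesystem-provider base directory that lists the files carrying the others-read bit named in the reply above and optionally clears it. The function names and the `--apply` flag are hypothetical, and the check only approximates the behaviour described in the thread by reading POSIX mode bits directly.

```python
import os
import stat
from pathlib import Path


def public_read_blobs(basedir):
    """Return regular files under basedir whose mode has the others-read bit set.

    Assumption: this mirrors the PosixFilePermission.OTHERS_READ check described
    in the thread; it does not call jclouds itself.
    """
    found = []
    for root, _dirs, files in os.walk(basedir):  # does not descend into symlinked dirs
        for name in files:
            path = Path(root) / name
            st = path.lstat()  # lstat: never follow a symlink out of basedir
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                found.append(path)
    return sorted(found)


def revoke_public_read(basedir, dry_run=True):
    """Clear others-read on every file found; return (path, old_mode, new_mode)."""
    changed = []
    for path in public_read_blobs(basedir):
        old = stat.S_IMODE(path.lstat().st_mode)
        new = old & ~stat.S_IROTH
        if not dry_run:
            os.chmod(path, new)
        changed.append((str(path), oct(old), oct(new)))
    return changed


if __name__ == "__main__":
    import sys

    args = [a for a in sys.argv[1:] if a != "--apply"]
    base = args[0] if args else "./s3_base"  # basedir value from the thread's config
    apply_changes = "--apply" in sys.argv    # hypothetical flag; default is report-only
    for path, old, new in revoke_public_read(base, dry_run=not apply_changes):
        print(f"{path}: {old} -> {new}")
```

Files copied into the base directory outside S3Proxy inherit the mode set by the process umask, so the report is worth re-running after any out-of-band change to the storage.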