alexkravets / heroku-mongo-backup

Backup mongodb on Heroku and push it to S3 or FTP with cron task.
https://github.com/alexkravets/heroku-mongo-backup

S3 allowing public access to backup folder by default #15

Closed jturolla closed 11 years ago

jturolla commented 11 years ago

Hello,

My S3 bucket is allowing public access to the backup folder by default, is it related to this gem? I know I can create a bucket policy to limit access only for my user and heroku key/secret.

I think lots of people using this gem will have this issue; it would be interesting for the gem to upload backups with the right permissions.

I'm trying to build a bucket policy for that and I'll post it here later.

ghost commented 11 years ago

That would be a great addition.

jturolla commented 11 years ago

Help from someone who knows S3 bucket policies well is appreciated.

jturolla commented 11 years ago

The issue seems to be related to the ACL permissions. The default ACL permission for a file uploaded by the S3 gem (and others) is public. There is a way to change the ACL permissions right when uploading, but the only way I found to do this is to edit this method:

    def HerokuMongoBackup::s3_upload(bucket, filename)
      # Build the object under the backups/ prefix and read the dump file as its content.
      object = bucket.objects.build("backups/#{filename}")
      object.content = open(filename)
      # The first save goes out with the gem's default ACL; the copy onto the same key
      # is what switches it to private.
      object.save
      object.copy(:key => "backups/#{filename}", :bucket => bucket, :acl => :private)
    end

adding the .copy with :acl.

I'm not sure if we can build with a specific acl, nor if this copy will replace the file.

I'm gonna finish some testing and send a pull request when I find a solution.
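The two upload orders under discussion, written out as an added example that is not the gem's code or the reporter's pull request. It models the s3 gem calls named in the thread (`objects.build`, `content=`, `acl=`, `save`, `copy`) with an offline stand-in bucket that records which ACL is in force at each step, so the difference between "save, then copy as private" and "set the ACL before save" is visible. The `S3_BACKUP_ACL` variable name and the `backup_acl` helper are assumptions, following the later suggestion of making the ACL configurable like the bucket variable.

```ruby
# Added example, not code from heroku-mongo-backup. The fake classes stand in
# for the s3 gem's Bucket/Object so this runs without AWS credentials.

# Canned ACLs accepted from configuration (hyphenated form as S3 names them).
ALLOWED_ACLS = %w[private public-read authenticated-read bucket-owner-full-control].freeze
# Hypothetical variable name, modelled on the gem's existing bucket variable.
ACL_ENV_VAR = "S3_BACKUP_ACL"

# Resolve the canned ACL from the environment. Unknown values raise instead of
# silently falling back, and the default is private rather than the gem default.
def backup_acl(env = ENV, default: "private")
  value = (env[ACL_ENV_VAR] || default).to_s.strip.downcase
  unless ALLOWED_ACLS.include?(value)
    raise ArgumentError, "#{ACL_ENV_VAR}=#{value.inspect} is not a supported canned ACL"
  end
  value.tr("-", "_").to_sym   # the gem takes symbols such as :public_read
end

# Offline stand-in for S3::Object: records the ACL in force each time the
# object would become reachable in the bucket.
class FakeS3Object
  attr_accessor :content, :acl
  attr_reader :key, :history

  def initialize(key)
    @key = key
    @acl = :public_read   # mirrors the default ACL the reporter observed
    @history = []         # [[event, acl], ...]
  end

  def save
    @history << [:save, @acl]
    true
  end

  def copy(options)
    @acl = options.fetch(:acl)
    @history << [:copy, @acl]
    self
  end
end

# Offline stand-in for S3::Bucket: objects.build(key) returns a fresh object.
class FakeBucket
  def objects
    self
  end

  def build(key)
    FakeS3Object.new(key)
  end
end

# Reporter's workaround order: the object is written with the default ACL and
# only afterwards re-copied as private, so there is a window where it is public.
def upload_then_copy(bucket, filename, data)
  object = bucket.objects.build("backups/#{File.basename(filename)}")
  object.content = data
  object.save
  object.copy(:key => object.key, :bucket => bucket, :acl => :private)
  object
end

# ACL fixed before save: the object is never stored with the public default.
def upload_private(bucket, filename, data, acl: backup_acl)
  object = bucket.objects.build("backups/#{File.basename(filename)}")
  object.content = data
  object.acl = acl
  object.save
  object
end

if __FILE__ == $PROGRAM_NAME
  dump = "constructed mongodump archive bytes"
  puts upload_then_copy(FakeBucket.new, "/tmp/db.tgz", dump).history.inspect
  puts upload_private(FakeBucket.new, "/tmp/db.tgz", dump, acl: backup_acl({})).history.inspect
end
```

Against the real gem the `history` array does not exist; what matters is the order of `acl=` and `save`, and that the configured value is checked against a fixed list before it reaches the request header.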

ghost commented 11 years ago

Thanks for looking into this. If the acl was configurable through an environment variable, similar to the backup bucket variable, but could still default to public, then the upgrade to this change would be seamless.

jturolla commented 11 years ago

Awesome. I'll send a pull request by the end of the week.

aarti commented 11 years ago

The latest commit 134dbd7 fixes this issue. The issue can be closed.

jturolla commented 11 years ago

cool.