Add ACL options for s3 upload #226

New Issue

michael · 2026-01-19T18:29:30Z

michael commented

2026-01-19 18:29:30 +00:00

Originally created by @JackDallas on GitHub.

I'm using Digitaloceans spaces s3 compatible storage, unfortunately they don't offer a way to set the ACL for the whole bucket.

A --s3-acl option that could be set to public would make transfer.sh work with this.

I couldn't see a way to do this but if one exists please feel free to correct me :)

Originally created by @JackDallas on GitHub. I'm using Digitaloceans spaces s3 compatible storage, unfortunately they don't offer a way to set the ACL for the whole bucket. A `--s3-acl` option that could be set to `public` would make transfer.sh work with this. I couldn't see a way to do this but if one exists please feel free to correct me :)

michael closed this issue

2026-01-19 18:29:30 +00:00

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas but if the items are created private by default with the aws credentials of transfer.sh I expect that after the same client with the same credentials will be able to access the items again
what am I missing?

@paolafrancesca commented on GitHub: @JackDallas but if the items are created private by default with the aws credentials of transfer.sh I expect that after the same client with the same credentials will be able to access the items again what am I missing?

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas can you explain in more details?
transfer.sh doesn't create the bucket it writes into. why don't you just create it as public?

@paolafrancesca commented on GitHub: @JackDallas can you explain in more details? transfer.sh doesn't create the bucket it writes into. why don't you just create it as public?

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas sorry but it is still not clear
where do you set the base url? as --s3-endpoint to transfer.sh?
what is exactly not working?
why the item need public perms?

@paolafrancesca commented on GitHub: @JackDallas sorry but it is still not clear where do you set the base url? as `--s3-endpoint` to transfer.sh? what is exactly not working? why the item need public perms?

michael commented

2026-01-19 18:29:31 +00:00

@JackDallas commented on GitHub:

So Digitalocean don't let you set a bucket wide policy it has to be set per item and items are private by default so you have to include the ACL policiy when you upload an item

@JackDallas commented on GitHub: So Digitalocean don't let you set a bucket wide policy it has to be set per item and items are private by default so you have to include the ACL policiy when you upload an item

michael commented

2026-01-19 18:29:31 +00:00

@JackDallas commented on GitHub:

ohhhh,
So I set the base url to be the CDN provided with the bucket for faster access:

https://bucketname.region.digitaloceanspaces.com

So the link given back to the client is a direct one and the item needs public perms, this may not be a use case covered by transfer.sh, I was going to try forking and having a go adding it once I had a chance to understand the aws library

@JackDallas commented on GitHub: ohhhh, So I set the base url to be the CDN provided with the bucket for faster access: `https://bucketname.region.digitaloceanspaces.com` So the link given back to the client is a direct one and the item needs public perms, this may not be a use case covered by transfer.sh, I was going to try forking and having a go adding it once I had a chance to understand the aws library

michael commented

2026-01-19 18:29:31 +00:00

@JackDallas commented on GitHub:

Sorry let me re-phrase

Digital ocean provides a S3 service with built in CDN, so the bucket address is <bucketname>.<region>.digitaloceanspaces.com but the CDN endpoint is on <bucketname>.<region>.cdn.digitaloceanspaces.com.

So my settings are
--s3-endpoint=<bucketname>.<region>.digitaloceanspaces.com
--proxy-path=<bucketname>.<region>.cdn.digitaloceanspaces.com

So the link I get back from transfer.sh is accurate being <bucketname>.<region>.cdn.digitaloceanspaces.com/<randID>/<filename>

But because all Digitalocean buckets default to private the file is un-accessable

@JackDallas commented on GitHub: Sorry let me re-phrase Digital ocean provides a S3 service with built in CDN, so the bucket address is `<bucketname>.<region>.digitaloceanspaces.com` but the CDN endpoint is on `<bucketname>.<region>.cdn.digitaloceanspaces.com. ` So my settings are `--s3-endpoint=<bucketname>.<region>.digitaloceanspaces.com` `--proxy-path=<bucketname>.<region>.cdn.digitaloceanspaces.com` So the link I get back from transfer.sh is accurate being `<bucketname>.<region>.cdn.digitaloceanspaces.com/<randID>/<filename>` But because all Digitalocean buckets default to private the file is un-accessable

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas is this still an issue?

@paolafrancesca commented on GitHub: @JackDallas is this still an issue?

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas any answer from them to the ticket?

@paolafrancesca commented on GitHub: @JackDallas any answer from them to the ticket?

michael commented

2026-01-19 18:29:31 +00:00

@paolafrancesca commented on GitHub:

@JackDallas now it is clear
there is a question on digitalocean community forum about this issue:
https://www.digitalocean.com/community/questions/how-to-set-spaces-acl-to-public

unluckily no answer. before adding the feature in transfer.sh I would ensure that no solution is given directly on digitalocean side.

have you already opened a ticket/asked them the way to solve?

@paolafrancesca commented on GitHub: @JackDallas now it is clear there is a question on digitalocean community forum about this issue: https://www.digitalocean.com/community/questions/how-to-set-spaces-acl-to-public unluckily no answer. before adding the feature in transfer.sh I would ensure that no solution is given directly on digitalocean side. have you already opened a ticket/asked them the way to solve?

michael commented

2026-01-19 18:29:31 +00:00

@JackDallas commented on GitHub:

I'll open a ticket now to be sure!

I tried put-bucket-acl like the person in that ticket did but no luck, and searched all the docs

@JackDallas commented on GitHub: I'll open a ticket now to be sure! I tried `put-bucket-acl` like the person in that ticket did but no luck, and searched all the docs

michael commented

2026-01-19 18:29:31 +00:00

@JackDallas commented on GitHub:

Really sorry for the delay, the world went a bit crazy and dragged me with it, it seems this is something that can be done on digital ocean it just isn't easy, the feature could be useful if you want to create public files in a default by private bucket, I may re-visit this one day but for now it's not a top priority thing

@JackDallas commented on GitHub: Really sorry for the delay, the world went a bit crazy and dragged me with it, it seems this is something that can be done on digital ocean it just isn't easy, the feature could be useful if you want to create public files in a default by private bucket, I may re-visit this one day but for now it's not a top priority thing

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dutchcoders/transfer.sh#226