Can't view or alter Share Publicly property from Google Storage Manager

[Mosiah]

I own a bucket, which I share with other members of my team.  Normally I can view and set the Share Publicly attribute, but when one of my team members uploads new files, or overwrites files that I've previously uploaded, I can't do either of the following:

1. Tell if they have been shared publicly (the checkmark is white and stays that way, even if my teammates sees it as green from his account)

2. Update the Shared Publicly property (clicking it does nothing)

This is of course from the online Google Storage manager. My team members experience the same problems when I am the one who uploaded the files.

Is this a bug? Or some bizarre feature? Any workaround or fix in the works?

[Sarah Northway]

Did you or anyone ever solve this odd behavior/bug? I'm getting the same thing one year later. 

I created a bucket through sandbox.google.com/storage, and upload a file to it from my App Engine app (which appears to be treated as a team member) with a public-read ACL. When I refresh sandbox.google.com/storage I can see the new file there, but the "Share Publicly" checkbox appears to be in the "false" state, and clicking on it has no effect. 

I'm having trouble downloading the file publicly so it would be helpful to be able to verify the actual state of that checkbox. It appears I'd need to login to google.com as my App Engine app to be able to do that though...?

- Sarah

[Google Storage Team]

Hi Sarah,

When creating an object, the public-read predefined ACL gives the requester (in this case your App Engine app) full control and all others get read permission. I suspect that's why you can't manipulate sharing via the web UI (because you don't have full control on the object created by your app). I'm not sure why you wouldn't be able to download the object publicly, however - that seems surprising.

One way to dig deeper is to install the gsutil tool and run 'gsutil getacl gs://your-bucket/your-object'. That will enable you to view an XML representation of the ACL associated with the object in question. If it was successfully created with public-read, you should see one entry granting your app's service account full control (I'm assuming you're using the App Engine Files API) and another entry granting read access to "AllUsers".

Let me know (via gs-...@google.com) what you're seeing in the ACL and also what exactly you're trying to accomplish (grant your team full control + public readability?) and we'll get to the bottom of this.

Thanks,

Marc

Google Cloud Storage Team

--
You received this message because you are subscribed to the Google Groups "Google Cloud Storage" group.
To view this discussion on the web visit https://groups.google.com/d/msg/gs-discussion/-/Yd4T5wg2LEQJ.
To post to this group, send email to gs-dis...@googlegroups.com.
To unsubscribe from this group, send email to gs-discussio...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/gs-discussion?hl=en.

[Hakim]

Hi,

I wonder if someone has corrected the issue described here:

https://groups.google.com/forum/?fromgroups=#!searchin/gs-discussion/app$20engine$20public$20acl/gs-discussion/-aQISyaeeFo/DZgYhj1mPc0J

when trying to get the ACL of the object I've created from my App Engine application that I've granted as the owner of the project, I get that:

$ gsutil getacl gs://mybucket/3c3765c2e7d4bfe6320c54fa4c8538dc.png

GSResponseError: status=403, code=AccessDenied, reason=Forbidden.

$ gsutil ls -L gs://mybucket/3c3765c2e7d4bfe6320c54fa4c8538dc.png

gs://bladypress/3c3765c2e7d4bfe6320c54fa4c8538dc.png:

        Creation time:  Mon, 31 Dec 2012 00:17:06 GMT

        Cache-Control:  public, max-age=3600, no-transform

        Content-Length: 30317

        Content-Type:   image/png

        ETag:           3df68afeffcba39dbfdf568d78bb4c72

        ACL:            ACCESS DENIED. Note: you need FULL_CONTROL permission

                        on the object to read its ACL.

TOTAL: 1 objects, 30317 bytes (29.61 KB)

I should tell you also that I've noticed a 404 status on Firebug console when trying to make the uploaded file public from the cloud storage manager (see the attached image).

thanks for your help,

[Erick Fejta]

Hi Hakim, check out http://stackoverflow.com/questions/14130328/gsutil-does-not-have-access-to-object-created-in-app-engine. I suspect the bucket's default object acl does not grant you full control to new objects. The result is that the app's service account has full control and you have no (or just read) access.

--