S3 allowing public access to backup folder by default #15

Closed
jturolla opened this Issue Jan 23, 2013 · 5 comments


@jturolla

Hello,

My S3 bucket is allowing public access to the backup folder by default. Is it related to this gem? I know I can create a bucket policy to limit access only for my user and Heroku key/secret.

I think lots of people using this gem will have this issue; it would be interesting for the gem to upload backups with the right permissions.

I'm trying to build a bucket policy for that and I'll post it here later.

@ghost

That would be a great addition.

@jturolla

Help from someone who knows S3 bucket policies well is appreciated.

@jturolla

The issue seems to be related to the ACL permissions. The default ACL permission for a file uploaded by the S3 gem (and others) is public.
There is a way to change the ACL permissions right when uploading, but the only way I found to do this is to edit this method:

    def HerokuMongoBackup::s3_upload(bucket, filename)
      object = bucket.objects.build("backups/#{filename}")
      object.content = open(filename)
      object.save
      object.copy(:key => "backups/#{filename}", :bucket => bucket, :acl => :private)
    end

adding the .copy with :acl.

I'm not sure if we can build with a specific ACL, nor if this copy will replace the file.

I'm gonna finish some testing and send a pull request when I find a solution.

@ghost

Thanks for looking into this. If the acl was configurable through an environment variable, similar to the backup bucket variable, but could still default to public, then the upgrade to this change would be seamless.
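
An added example, not part of the thread or the gem's code: one way to take the upload ACL from an environment variable and set it before the first save. `S3_BACKUP_ACL`, the helper names and the `acl=` writer on the object are assumptions; this sketch falls back to `private`, and the `default:` keyword can keep the earlier behaviour.

```ruby
# Added example. S3_BACKUP_ACL is a hypothetical variable name, not the gem's.

# Canned ACL names S3 accepts on object uploads.
CANNED_ACLS = %w[private public-read public-read-write authenticated-read
                 bucket-owner-read bucket-owner-full-control].freeze

# Canned ACLs readable by anonymous callers or by any AWS account.
BROADLY_READABLE = %w[public-read public-read-write authenticated-read].freeze

# Returns the ACL as a symbol (:private, :public_read, ...). Unset or empty
# falls back to `default`; an unknown value raises instead of uploading with
# a permission nobody chose.
def resolve_backup_acl(env = ENV, default: "private")
  raw = env["S3_BACKUP_ACL"].to_s.strip
  raw = default if raw.empty?
  name = raw.downcase.tr("_", "-")
  unless CANNED_ACLS.include?(name)
    raise ArgumentError, "S3_BACKUP_ACL=#{raw.inspect} is not a canned ACL"
  end
  name.tr("-", "_").to_sym
end

def broadly_readable?(acl)
  BROADLY_READABLE.include?(acl.to_s.tr("_", "-"))
end

# Sets the ACL before save, so no second request is needed to restrict it.
# Assumption: the S3 client's object exposes an `acl=` writer.
def upload_backup(bucket, filename, content, env = ENV, default: "private")
  acl = resolve_backup_acl(env, default: default)
  warn "backups/#{filename} will be uploaded as #{acl}" if broadly_readable?(acl)
  object = bucket.objects.build("backups/#{filename}")
  object.content = content
  object.acl = acl
  object.save
  object
end

# Constructed stand-ins for the bucket and object so the example runs offline.
FakeObject = Struct.new(:key, :content, :acl, :saved) do
  def save; self.saved = true; end
end

class FakeBucket
  def objects; self; end
  def build(key); FakeObject.new(key); end
end
```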

@jturolla

Awesome. I'll send a pull request by the end of the week.

@aarti

The latest commit 134dbd7 fixes this issue. The issue can be closed.

@jturolla

cool.

@jturolla jturolla closed this May 18, 2013