S3 allowing public access to backup folder by default #15

jturolla opened this Issue Jan 23, 2013 · 5 comments



My S3 bucket is allowing public access to the backup folder by default. Is it related to this gem? I know I can create a bucket policy to limit access only for my user and Heroku key/secret.

I think lots of people using this gem will have this issue; it would be interesting for the gem to upload backups with the right permissions.

I'm trying to build a bucket policy for that and I'll post it here later.


That would be a great addition.


Help from someone who knows S3 bucket policies well is appreciated.


The issue seems to be related to the ACL permissions. The default ACL permission for a file uploaded by the S3 gem (and others) is public.
There is a way to change the ACL permissions right when uploading, but the only way I found to do this is to edit this method:

    def HerokuMongoBackup::s3_upload(bucket, filename)
      object = bucket.objects.build("backups/#{filename}")
      object.content = open(filename)
      # Copy the object onto the same key, requesting a private ACL
      object.copy(:key => "backups/#{filename}", :bucket => bucket, :acl => :private)
    end

adding the .copy with :acl.

I'm not sure if we can build with a specific ACL, nor if this copy will replace the file.

I'm gonna finish some testing and send a pull request when I find a solution.
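
An added example, not part of the original thread or the gem's code: a Ruby check that parses the ACL XML which S3 returns for an object (`GET ?acl`) and reports any grant to the AllUsers or AuthenticatedUsers groups, which is what a public-read upload leaves on each backup. The sample ACL documents and the IDs in them are constructed placeholders.

```ruby
require "rexml/document"

# Group URIs S3 uses for "anyone" and "any AWS account" grantees.
PUBLIC_GROUPS = {
  "http://acs.amazonaws.com/groups/global/AllUsers" => "AllUsers",
  "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" => "AuthenticatedUsers"
}.freeze

# First direct child element with the given local name, or nil.
def child(el, name)
  el.elements.to_a.find { |c| c.name == name }
end

# Returns [[group, permission], ...] for each grant made to a public group.
def public_grants(acl_xml)
  root = REXML::Document.new(acl_xml).root
  return [] unless root
  found = []
  root.each_recursive do |el|
    next unless el.name == "Grant"
    uri = (g = child(el, "Grantee")) && child(g, "URI")
    group = uri && PUBLIC_GROUPS[uri.text.to_s.strip]
    perm = child(el, "Permission")
    found << [group, perm ? perm.text.to_s.strip : "UNKNOWN"] if group
  end
  found
end

# Constructed sample ACL document; the owner ID is a placeholder.
def sample_acl(extra_grant = "")
  <<~XML
    <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <Owner><ID>OWNER-ID-PLACEHOLDER</ID></Owner>
      <AccessControlList>
        <Grant>
          <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
            <ID>OWNER-ID-PLACEHOLDER</ID>
          </Grantee>
          <Permission>FULL_CONTROL</Permission>
        </Grant>#{extra_grant}
      </AccessControlList>
    </AccessControlPolicy>
  XML
end

# Constructed grant equivalent to what the public-read canned ACL adds.
PUBLIC_READ_GRANT = '<Grant><Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ' \
  'xsi:type="Group"><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>' \
  "<Permission>READ</Permission></Grant>"

puts public_grants(sample_acl(PUBLIC_READ_GRANT)).inspect  # public-read object
puts public_grants(sample_acl).inspect                     # private object
```

An empty result means the object's ACL grants nothing to a public group; bucket policies are evaluated separately and are not covered by this check.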


Thanks for looking into this. If the acl was configurable through an environment variable, similar to the backup bucket variable, but could still default to public, then the upgrade to this change would be seamless.


Awesome. I'll send a pull request by the end of the week.


The latest commit 134dbd7 fixes this issue. The issue can be closed.



@jturolla jturolla closed this May 18, 2013