ECS:无法访问有限数量的对象,HTTP 403

Summary: 有限数量的对象无法访问,HTTP 403。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

 存储区中有限数量的对象无法访问。
返回 HTTP 403。

Cause

  • 对象缺少“READ”权限。
  • 对一组用户具有正确权限的对象示例: 
    admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/216/80/611508612.jpg?acl | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   646  100   646    0     0   8190      0 --:--:-- --:--:-- --:--:--  8282
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>dsa-prod</ID>
    <DisplayName>dsa-prod</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>dsa-prod</ID>
        <DisplayName>dsa-prod</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
  • 对象权限不正确的示例: 
    admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   454  100   454    0     0   2072      0 --:--:-- --:--:-- --:--:--  2082
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>dsa-prod</ID>
    <DisplayName>dsa-prod</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>dsa-prod</ID>
        <DisplayName>dsa-prod</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
	
	 

Resolution

  • 向对象添加正确的权限。
  • 为单个对象添加“READ”权限的示例(基本 URL): 
    curl -X PUT http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl -H "x-amz-grant-full-control: READ"
  • 有关其他方法,请参阅以下 AWS 文章: 
    https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUTacl.html
	
	 

Affected Products

ECS Appliance

Products

ECS Appliance, ECS Appliance Hardware Gen1 U-Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption
Article Properties
Article Number: 000030765
Article Type: Solution
Last Modified: 02 July 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.