ECS. Ограниченное количество объектов недоступно, HTTP 403

Summary: Ограниченное количество объектов недоступно, HTTP 403.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

 Ограниченное количество объектов в контейнере недоступно.
Возвращается HTTP 403.

Cause

  • У объекта отсутствуют права «READ».
  • Пример объекта с правильными правами доступа для группы пользователей: 
    admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/216/80/611508612.jpg?acl | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   646  100   646    0     0   8190      0 --:--:-- --:--:-- --:--:--  8282
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>dsa-prod</ID>
    <DisplayName>dsa-prod</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>dsa-prod</ID>
        <DisplayName>dsa-prod</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
  • Пример неправильных разрешений объекта: 
    admin@seapecsr3n1:/usr/share/s3curl> sudo ./s3curl.pl --id prod -- http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   454  100   454    0     0   2072      0 --:--:-- --:--:-- --:--:--  2082
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner>
    <ID>dsa-prod</ID>
    <DisplayName>dsa-prod</DisplayName>
  </Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>dsa-prod</ID>
        <DisplayName>dsa-prod</DisplayName>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>
	
	 

Resolution

  • Добавьте правильные разрешения для объекта.
  • Пример (базовый url) добавления разрешений "READ" для одного объекта: 
    curl -X PUT http://xxxx.com:9020/dsa-prod-jpg-master/272/35/642253272.jpg?acl -H "x-amz-grant-full-control: READ"
  • Дополнительные методы см. в следующей статье AWS: 
    https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPUTacl.html
	
	 

Affected Products

ECS Appliance

Products

ECS Appliance, ECS Appliance Hardware Gen1 U-Series, ECS Appliance Software with Encryption, ECS Appliance Software without Encryption
Article Properties
Article Number: 000030765
Article Type: Solution
Last Modified: 02 Jul 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.