Publicly Accessible OSS Objects

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Very High (act immediately)

Ensure that your Object Storage Service (OSS) objects are not publicly accessible to the Internet in order to protect against unauthorized access. Allowing public, anonymous access through object ACLs gives everyone the ability to access the object's data.

Security

Granting public and/or anonymous access to your Object Storage Service (OSS) objects can pose significant security risks. It increases the likelihood of unauthorized access, data breaches, and potential exploitation of sensitive information. Keeping access restricted helps maintain control over your data, safeguarding it from malicious actors and ensuring compliance with privacy regulations. Note that even where an OSS bucket ACL restricts public access to the bucket, individual object ACLs can still grant public access to specific objects within it. It is therefore crucial to review object ACLs at the individual object level to ensure comprehensive access control measures are in place.

Audit

To determine if there are publicly accessible objects in your OSS buckets, perform the following operations:

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to Object Storage Service (OSS) console available at https://oss.console.aliyun.com/overview.

03 In the left navigation panel, under Object Storage Service (OSS), choose Buckets.

04 Click on the name (link) of the OSS bucket that you want to examine.

05 In the bucket navigation panel, under Object Management, choose Objects.

06 Choose the OSS object that you want to examine and select View Details.

07 Check the Object ACL attribute value to determine the level of access configured for the selected object via object ACL:

  1. If the Object ACL value is set to Public Read or Public Read/Write, the selected OSS object is considered publicly accessible.
  2. If the Object ACL value is set to Inherited from Bucket, the ACL of the object is the same as the ACL of the bucket in which the object is stored. To verify the ACL configured for your bucket, choose Permission Control from the bucket navigation panel, select ACL, and check the Bucket ACL configuration setting to determine the level of access configured for your bucket. If Bucket ACL is not set to Private, the OSS bucket is publicly accessible, and therefore the selected OSS object is also considered publicly accessible.

08 Repeat steps no. 6 and 7 for each OSS object that you want to examine, stored within the selected OSS bucket.

09 Repeat steps no. 4 - 8 for each OSS bucket available within your Alibaba Cloud account.

Using ossutil

01 Install and configure ossutil. ossutil is a command-line tool for Alibaba Cloud's Object Storage Service (OSS).

02 Run ls command (macOS/Linux/Windows) to list the OSS buckets available in your Alibaba Cloud account:

ossutil ls -s

03 The command output should return the name of each OSS bucket available in your Alibaba Cloud account:

oss://tm-project-data-bucket
oss://tm-trail-logs-bucket
oss://tm-web-app-utils
oss://tm-audit-logs-repo
Bucket Number is: 4

0.235205(s) elapsed

04 Run ls command (macOS/Linux/Windows) to list all the objects stored within the specified OSS bucket:

ossutil ls oss://tm-project-data-bucket

05 The command output should return the name of each object available in the selected bucket:

oss://tm-project-data-bucket/tm-project-files.zip
oss://tm-project-data-bucket/tm-project-config.yaml
oss://tm-project-data-bucket/tm-project-access-logs.zip

06 Run stat command (macOS/Linux/Windows) to describe the configuration metadata available for the selected OSS object:

ossutil stat oss://tm-project-data-bucket/tm-project-files.zip

07 The command output should return the requested configuration information (including the ACL configured for the object):

ACL                   : public-read-write
Accept-Ranges         : bytes
Content-Length        : 2108860
Content-Md5           : abcd1234abcd1234abcd1234
Content-Type          : application/zip
Etag                  : ABCDABCDABCDABCDABCDABCDABCDABCD
Last-Modified         : 2024-02-21 11:06:33 +0000 UTC
Owner                 : 1234567890123456
X-Oss-Object-Type     : Normal
X-Oss-Storage-Class   : Standard

Check the ACL attribute value to determine the level of access configured for the specified object. If ACL is set to public-read or public-read-write, the selected OSS object is considered publicly accessible. If ACL is set to default, the ACL of the object is the same as the ACL of the bucket in which the object is stored. If the ACL of the object is the same as the ACL of the bucket, continue the Audit process with the next step.

08 Run stat command (macOS/Linux/Windows) to describe the configuration metadata available for the selected OSS bucket:

ossutil stat oss://tm-project-data-bucket

09 The command output should return the requested configuration information (including the ACL configured for the bucket):

Name                  : tm-project-data-bucket
Location              : oss-eu-west-1
CreationDate          : 2024-02-02 09:45:38 +0000 UTC
ExtranetEndpoint      : oss-eu-west-1.aliyuncs.com
IntranetEndpoint      : oss-eu-west-1-internal.aliyuncs.com
ACL                   : public-read
Owner                 : 1234567890123456
StorageClass          : Standard
RedundancyType        : LRS
TransferAcceleration  : Disabled
CrossRegionReplication: Disabled
AccessMonitor         : Disabled

Check the ACL attribute value to determine the level of access configured for the specified bucket. If ACL is not set to private, the OSS bucket is publicly accessible, and therefore the selected OSS object is also considered publicly accessible.

10 Repeat steps no. 6 - 9 for each OSS object that you want to examine, stored within the selected OSS bucket.

11 Repeat steps no. 4 - 10 for each OSS bucket available within your Alibaba Cloud account.
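As an added example (not part of the Conformity rule and not ossutil's own tooling), the following POSIX shell script automates the ossutil audit in steps 02 - 11: it lists every bucket and object, reads the ACL line from `ossutil stat`, and applies the public/inherited/private decision from steps 07 and 09 to each object. It assumes ossutil is installed and configured as in step 01, and that `ossutil ls -s` on a bucket prints only object URLs (an assumption; the page shows `ls` without `-s` for objects).

```shell
#!/bin/sh
# Added example, not Conformity's or ossutil's own code: automate the audit above.
# Assumes ossutil is installed and configured (step 01) and that `ossutil stat`
# prints an "ACL : <value>" line, as in the sample output shown on this page.

# Read `ossutil stat` output on stdin and print only the ACL value.
parse_acl() {
  awk -F':' '$1 ~ /^ACL[ \t]*$/ { gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit }'
}

# Apply the rule from Audit steps 07 and 09: public-read or public-read-write
# on the object is public; "default" inherits the bucket ACL, which is public
# unless it is private; anything else (private) is not publicly accessible.
classify() {
  object_acl=$1
  bucket_acl=$2
  case "$object_acl" in
    public-read|public-read-write) echo PUBLIC ;;
    default)
      case "$bucket_acl" in
        private) echo PRIVATE ;;
        *)       echo PUBLIC ;;
      esac ;;
    *) echo PRIVATE ;;
  esac
}

# Walk every bucket and object in the account and print one tab-separated line
# per object: verdict, object URL, object ACL, bucket ACL. `ls -s` (short
# format, assumed to print only URLs) keeps the parsing simple.
audit_account() {
  ossutil ls -s | grep '^oss://' | while read -r bucket; do
    bucket_acl=$(ossutil stat "$bucket" | parse_acl)
    ossutil ls -s "$bucket" | grep '^oss://' | while read -r object; do
      object_acl=$(ossutil stat "$object" | parse_acl)
      printf '%s\t%s\t%s\t%s\n' "$(classify "$object_acl" "$bucket_acl")" \
        "$object" "$object_acl" "$bucket_acl"
    done
  done
}

# Constructed sample of `ossutil stat` output, for checking parse_acl offline.
SAMPLE_STAT='ACL                   : public-read-write
Accept-Ranges         : bytes
Content-Type          : application/zip'
if [ "${1:-}" = "--run" ]; then
  audit_account
fi
```

Run it with `--run` against a configured ossutil; every line starting with PUBLIC names an object that needs the set-acl step from the Remediation section.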

Remediation / Resolution

To ensure that there are no publicly accessible objects stored within your OSS buckets, perform the following operations:

Using Alibaba Cloud Console

01 Sign in to your Alibaba Cloud account.

02 Navigate to Object Storage Service (OSS) console available at https://oss.console.aliyun.com/overview.

03 In the left navigation panel, under Object Storage Service (OSS), choose Buckets.

04 Click on the name (link) of the OSS bucket that you want to access.

05 In the bucket navigation panel, under Object Management, choose Objects.

06 Choose the OSS object that you want to configure and select View Details.

07 On the View Details panel, choose Set ACL next to Object ACL to modify the level of access configured for the selected object via object ACL.

08 On the Set ACL panel, select Private next to ACL, and choose OK to apply the changes. Once the ACL settings are applied, only the bucket owner or authorized users can perform read and write operations on the selected object.

09 Repeat steps no. 6 - 8 for each OSS object that you want to configure, available in the selected OSS bucket.

10 Repeat steps no. 4 - 9 for each OSS bucket available within your Alibaba Cloud account.

Using ossutil

01 Install and configure ossutil. ossutil is a command-line tool for Alibaba Cloud's Object Storage Service (OSS).

02 Run set-acl command (macOS/Linux/Windows) to set the Access Control List (ACL) to private for the specified OSS object. Once the ACL settings are saved, only the bucket owner or authorized users can perform read and write operations on the selected object:

ossutil set-acl oss://tm-project-data-bucket/tm-project-files.zip private

03 If the operation is successful, the command output should return the execution time, e.g.:

0.224380(s) elapsed

04 Repeat steps no. 2 and 3 for each OSS object that you want to configure, available in the selected OSS bucket.

05 Repeat steps no. 2 - 4 for each OSS bucket available within your Alibaba Cloud account.

Publication date Apr 25, 2024