defacl - Get, set, or change default ACL on buckets
Synopsis
gsutil defacl set file-or-canned_acl_name url... gsutil defacl get url gsutil defacl ch -u|-g|-d <grant>... url...
Description
The defacl command has three sub-commands:
Set
The “defacl set” command sets default object ACLs for the specified buckets. If you specify a default object ACL for a certain bucket, Google Cloud Storage applies the default object ACL to all new objects uploaded to that bucket.
Similar to the “acl set” command, the file-or-canned_acl_name names either a canned ACL or the path to a file that contains ACL text. (See gsutil help acl for examples of editing and setting ACLs via the acl command.)
If you don’t set a default object ACL on a bucket, the bucket’s default object ACL will be project-private.
Setting a default object ACL on a bucket provides a convenient way to ensure newly uploaded objects have a specific ACL, and avoids the need to back after the fact and set ACLs on a large number of objects for which you forgot to set the ACL at object upload time (which can happen if you don’t set a default object ACL on a bucket, and get the default project-private ACL).
Get
Gets the default ACL text for a bucket, which you can save and edit for use with the “defacl set” command.
Ch
The “defacl ch” (or “defacl change”) command updates the default object access control list for a bucket. The syntax is shared with the “acl ch” command, so see the “CH” section of gsutil help acl for the full help description.
Ch Examples
Add the user john . doe @ example . com to the default object ACL on bucket example-bucket with READ access:
gsutil defacl ch -u [email protected]:READ gs://example-bucket
Add the group admins @ example . com to the default object ACL on bucket example-bucket with OWNER access:
gsutil defacl ch -g [email protected]:O gs://example-bucket