This page should describe the required S3 actions, so that we can write an appropriate IAM or Bucket policy instead of having to guess, or grant more permissions than is required for the application to function.
For example, it's obvious that PutObject would be required - but what about other actions like ListBucket or ListMultiRegionAccessPoints?
I hope the rest of this software isn't written with that sort of frame of mind. That's a very dangerous idea when talking about something intended to be exposed to the internet. Should someone compromise the installation, it'll be trivial for them to locate the IAM credentials used for S3 access, so the access granted by those credentials should be as minimal as possible.
For example, said attacker could enable website hosting out of the bucket, change the bucket policy, and use it to serve out a phishing website from inside my S3 bucket.
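The following is an added example, not code from this project or from anyone in the thread. It puts a scoped IAM policy next to the kind of blanket `s3:*` grant the comment above warns about, and checks each one for the bucket-configuration actions (`s3:PutBucketWebsite`, `s3:PutBucketPolicy`, and friends) that would let a stolen credential turn the bucket into a phishing host. The bucket name `my-app-uploads` and the assumed minimum action set (list the bucket, get/put/delete objects) are illustrative assumptions; the whole point of the issue is that the project has not yet documented which actions it actually needs, so adjust the scoped policy once that list is published.

```python
"""Compare a scoped S3 policy with a blanket grant and flag bucket-level actions.

Constructed example. Evaluates IAM policy documents offline; it handles
Allow/Deny with wildcard Action patterns but deliberately ignores Condition,
NotAction and NotResource, so treat it as a lint, not a policy simulator.
"""
import fnmatch
import json

# Actions that reconfigure the bucket rather than touch objects. Any credential
# that holds one of these lets an attacker who steals it enable website hosting,
# rewrite the bucket policy or ACLs, or disable the public-access block.
BUCKET_CONFIG_ACTIONS = (
    "s3:PutBucketWebsite",
    "s3:PutBucketPolicy",
    "s3:DeleteBucketPolicy",
    "s3:PutBucketAcl",
    "s3:PutBucketPublicAccessBlock",
    "s3:PutBucketCORS",
    "s3:PutObjectAcl",
)

# Assumed least-privilege policy for an app that lists one bucket and
# reads/writes/deletes objects in it. Bucket name and action set are hypothetical.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyThisBucket",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::my-app-uploads",
        },
        {
            "Sid": "ObjectReadWrite",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::my-app-uploads/*",
        },
    ],
}

# The "just grant everything" policy the comment above objects to.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Sid": "FullS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}


def _as_list(value):
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _pattern_matches(pattern, action):
    # IAM matches action names case-insensitively; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_action_allowed(policy, action):
    """True if some Allow statement covers `action` and no Deny statement does."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if any(_pattern_matches(p, action) for p in _as_list(stmt.get("Action"))):
            if stmt.get("Effect") == "Deny":
                return False  # an explicit Deny always wins
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


def dangerous_actions_granted(policy):
    """Bucket-configuration actions the policy hands to whoever holds the credential."""
    return sorted(a for a in BUCKET_CONFIG_ACTIONS if is_action_allowed(policy, a))


def unscoped_allow_statements(policy):
    """Sids of Allow statements whose Resource is '*', i.e. every bucket in the account."""
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in _as_list(policy.get("Statement"))
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource"))
    ]


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, "grants:", json.dumps(dangerous_actions_granted(policy)),
              "unscoped:", unscoped_allow_statements(policy))
```

The scoped policy splits bucket-level and object-level permissions on purpose: `s3:ListBucket` is evaluated against the bucket ARN, while `s3:GetObject`/`s3:PutObject`/`s3:DeleteObject` are evaluated against `bucket/*`, and collapsing both onto one resource silently breaks one of them. Running the lint against the broad policy reports every bucket-configuration action as granted and the statement as unscoped, which is exactly the phishing-host scenario described above.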