Shared directory with full access

Hi. Is it possible to share a directory with full acces for worldwide use but without having to register for all users?

I will spend some place for my friends so they can upload some videos.

Yes.

  1. Create a bucket: with uplink or AWS CLI or object browser
  2. Share a bucket either with a satellite UI or with uplink CLI, but I would recommend to give your users an AWS keys - this way they will not be able to generate an own access grants, so register this access grant on Gateway-MT via satellite UI or with Uplink CLI

With these AWS keys they would be able to setup any S3-compatible tool.

However, why do not register? It’s free and anyone can share with others what they want.

Hm - I want to give them the opportunity to upload videos without registering or login and to list and play the existing videos.

Check this doc for sharing an object via an access grant: https://docs.storj.io/dcs/getting-started/quickstart-uplink-cli/sharing-your-first-object/generate-access

Sharing a folder (or entire bucket) is similar. Just set the shared path to the folder, not to the object, e.g.

uplink share --readonly=false sj://videos/folder-for-my-friends

Then you can give this access grant to your friends. They can use it in tools to upload files, list the folder, and download and view files.

Yes but i cant use this by browser directly?

No. Unless you would host some kind of server to make it possible.

Ok tnx ---- some caracters

They can use an Objects browser though. But it will require to have an account on the satellite.

Listing and downloading in the browser is possible via the linksharing services.

The URL would like like: https://link.us1.storjshare.io/s/shared-access-grant/videos/folder-for-my-friends/

They could even stream the videos directly from the browser.

For uploads, they would need to use some tool, like the Uplink CLI, Rclone, or FileZilla. They don’t need an account, just that same access grant.

You can use the Self-hosted S3 Compatible Gateway - Storj DCS and publish it…

http://localhost:7777 will give you a UI.
Just configure it with a limited access grant, but please not the root one (with full access to entire project).

Here is an example folder with videos shared on the linksharing service: videos | Storj DCS

Please, do not do that - do not use an access grant directly, register it on Gateway-MT first and use the generated URL from the uplink share --url or at least from the Objects browser.

The access grant will give an encryption key and API key, if you accidentally share the root access - all your project can be compromised or abused.

The idea was to share with friends. I don’t see it to be such a drama to give them an access grant that has the encryption key for just that folder.

1 Like

They can re-share further. Or just publish it accidentally somewhere without any evil intention.
I would think about security first. Sorry :man_shrugging:
The past (Senior QA) have an influence on me…

They could re-share the S3 credentials too. What’s the difference?

From the AWS creds you cannot generate a new creds. If they have only half of the key (in the URL), they would not be able to use it in any way, except downloads.

With full creds directly in URL (in case of access grant) they would have a full access and can generate a new one

But you can still give them to someone else.

On the other hand, when you share a new access grant from the one you have, it can be only more restricted, i.e. with less permission than the original one.

For read-only scenarios, access grants can be read-only too.

True

True

So, lets @web4yougmbhch to decide :slight_smile:

But if you would revoke the original access grant, would that also invalidate the similarly or more restrictive access grants created by others based on that?

Edit: Never mind, found the answer. Practical Application of Storj DCS Edge-based Privacy in Your Application

Note that revoking an Access Grant adds that Access Grant to a revocation list and invalidates the Access Grant and any child Access Grant derived from the Access Grant that has been revoked.

1 Like