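Cause of the problem:
The bucket has public read-write permission, so accessing the bucket directly enumerates every directory and file under it, which may lead to data leakage.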
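A way to check a bucket's anonymous policy JSON for the condition described above, as an added example that is not part of the original page. The function name audit_anonymous_policy, the bucket name demo-bucket and both sample policies are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions that let an anonymous client enumerate or modify bucket contents.
RISKY = {"s3:ListBucket": "list", "s3:PutObject": "write", "s3:DeleteObject": "write"}

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def _is_anonymous(principal):
    """True for "*", {"AWS": "*"} and {"AWS": ["*"]}."""
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"

def audit_anonymous_policy(policy_json):
    """Return sorted (kind, action, resource) findings for anonymous Allow statements."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement object is also valid
        statements = [statements]
    findings = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        for pattern in _as_list(stmt.get("Action")):
            for action, kind in RISKY.items():
                # Full-string wildcard match: "s3:*" matches s3:ListBucket,
                # but s3:ListBucketMultipartUploads does not.
                if fnmatchcase(action.lower(), pattern.lower()):
                    for resource in _as_list(stmt.get("Resource")):
                        findings.add((kind, action, resource))
    return sorted(findings)

def _policy(bucket_actions, bucket_arn, object_actions):
    """Build a constructed two-statement anonymous policy for hypothetical demo-bucket."""
    anon = {"Effect": "Allow", "Principal": {"AWS": ["*"]}}
    return json.dumps({"Statement": [
        dict(anon, Action=bucket_actions, Resource=[bucket_arn]),
        dict(anon, Action=object_actions, Resource=["arn:aws:s3:::demo-bucket/*"])]})

# Constructed sample: public read-write, the state that causes the listing.
PUBLIC_RW = _policy(["s3:GetBucketLocation", "s3:ListBucket"], "arn:aws:s3:::demo-bucket",
                    ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"])
# Constructed sample: only the anonymous actions visible in the policy on this page.
READ_ONLY = _policy(["s3:GetBucketLocation", "s3:ListBucketMultipartUploads"],
                    "arn:aws:s3:::*", ["s3:GetObject"])

if __name__ == "__main__":
    for name, doc in (("public read-write", PUBLIC_RW), ("read-only", READ_ONLY)):
        print(name, audit_anonymous_policy(doc) or "no anonymous list/write access")
```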
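Solution:
Modify the anonymous access policy. This requires using the mc client to change the MinIO configuration.
(Higher versions can make the change through a custom policy.)
Download: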
wget https://dl.min.io/client/mc/release/linux-amd64/mc
Connect to MinIO remotely
./mc alias set local http://{ip}:9000 {username} {password}
Note: local is an alias; any name will do
List all currently configured connections
./mc alias list
Modify the anonymous bucket policy
vim /usr/local/mypolicy.json
{
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Resource": [
        "arn:aws:s3:::*"
      ]
    },
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*"