.. | ||
README.md |
Minio Multi-user Quickstart Guide
Minio supports multiple long term users in addition to default user created during server startup. New users can be added after server starts up, and server can be configured to deny or allow access to buckets and resources to each of these users. This document explains how to add/remove users and modify their access rights.
Get started
In this document we will explain in detail on how to configure multiple users.
1. Prerequisites
- Install mc - Minio Client Quickstart Guide
- Install Minio - Minio Quickstart Guide
2. Create a new user with canned policy
Use mc admin policies
to create canned policies. Server provides a default set of canned policies namely writeonly
, readonly
and readwrite
(these policies apply to all resources on the server). These can be overridden by custom policies using mc admin policies
command.
Create new canned policy file getonly.json
. This policy enables users to download all objects under my-bucketname
.
cat > getonly.json << EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucketname/*"
],
"Sid": ""
}
]
}
EOF
Create new canned policy by name getonly
using getonly.json
policy file.
mc admin policies add myminio getonly getonly.json
Create a new user newuser
on Minio use mc admin users
, specify getonly
canned policy for this newuser
.
mc admin users add myminio newuser newuser123 getonly
3. Disable user
Disable user newuser
.
mc admin users disable myminio newuser
4. Remove user
Remove the user newuser
.
mc admin users remove myminio newuser
5. Change user policy
Change the policy for user newuser
to putonly
canned policy.
mc admin users policy myminio newuser putonly
5. List all users
List all enabled and disabled users.
mc admin users list myminio
6. Configure mc
mc config host add myminio-newuser http://localhost:9000 newuser newuser123 --api s3v4
mc cat myminio-newuser/my-bucketname/my-objectname