published 2025-06-06
How to Hide File Listings but Allow Public Downloads in MinIO?
l-youThis guide was created for MinIO release RELEASE.2025-05-24T17-08-30Z which is the latest version tag available at the moment of publication.
Step 1: Create bucket alias
bash
mc alias set myminio https://minio.example.com YOUR_ACCESS_KEY YOUR_SECRET_KEY
mc mb myminio/public
Step 2: Set the bucket policy have a public read-only access
bash
mc anonymous set download myminio/public
This does the following: - Allows listing files in the bucket. - Allows downloading any file.
Step 3: Edit the bucket policy JSON
First, run the following command to get the current JSON policy created by the previous step.
bash
mc anonymous get-json myminio/public
The output will look like the following: “That’s the policy defined by the ‘download’ preset.
json
{
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3::: public"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3::: public/*"
]
}
],
"Version": "2012-10-17"
}
The line that allows anyone to list the files available in bucket is s3:ListBucket in the ‘Action’ property. Just remove it and upload the policy again with the following command.
bash
mc anonymous set-json /path-to-your-edited-json-policy.json myminio/public
Where file /path-to-your-edited-json-policy.json contains the edited version of your policy.
json
{
"Statement": [
{
"Action": [
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3::: public"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::public/*"
]
}
],
"Version": "2012-10-17"
}
Step 4: Verify listings are hidden
Open the root of your MinIO S3 endpoint. For example ‘youbucket.s3.yourdomain.com’. If you get an XML-formatted error saying ‘Access Denied’, then everything is working as expected!