The OpenStack Object Storage service provides the swift command-line interface (CLI) that enables you to gather statistics, list items, update metadata, upload, download, and delete files. This client is based on the native swift client library, client.py, which seamlessly re-authenticates if the current token expires during processing, retries operations multiple times, and provides a processing concurrency of 10. Users have roles on accounts. For example, the admin role enables full access to all containers and objects in an account. You can set access control lists (ACLs) are set at the container level and support lists for read and write access, which are set with the X-Container-Read and X-Container-Write header respectively. You can use the swift client to set the ACLs by using the post subcommand with the -r parameter for the read access and -w option for the write access. The following example enables the testuser user to read objects in the container: $ swift post -r 'testuser' You can also use this command with a list of users. If you use the StaticWeb middleware to enable OpenStack Object Storage to serve public web content, be aware of the ACL syntax for managing allowed referrers. The syntax is .r: followed by a list of allowed referrers. For example, the following command gives object access to all referring domains access: $ swift post -r '.r:*'