diff --git a/weed/s3api/s3api_acp.go b/weed/s3api/s3api_acp.go
index 535bb3489..e69597ed0 100644
--- a/weed/s3api/s3api_acp.go
+++ b/weed/s3api/s3api_acp.go
@@ -33,7 +33,7 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
 func (s3a *S3ApiServer) ExtractBucketAcp(r *http.Request, objectOwnership string) (owner string, grants []*s3.Grant, errCode s3err.ErrorCode) {
 	accountId := s3acl.GetAccountId(r)
 
-	if objectOwnership == s3_constants.OwnershipBucketOwnerEnforced {
+	if objectOwnership == "" || objectOwnership == s3_constants.OwnershipBucketOwnerEnforced {
 		return accountId, []*s3.Grant{
 			{
 				Permission: &s3_constants.PermissionFullControl,
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index f1a747797..c1a4888e4 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -123,9 +123,6 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 	}
 
 	objectOwnership := r.Header.Get("ObjectOwnership")
-	if objectOwnership == "" {
-		objectOwnership = s3_constants.DefaultOwnershipForCreate
-	}
 	acpOwner, acpGrants, errCode := s3a.ExtractBucketAcp(r, objectOwnership)
 	if errCode != s3err.ErrNone {
 		s3err.WriteErrorResponse(w, r, errCode)
@@ -138,6 +135,8 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 				entry.Extended = make(map[string][]byte)
 			}
 			entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
+		}
+		if objectOwnership != "" {
 			entry.Extended[s3_constants.ExtOwnershipKey] = []byte(objectOwnership)
 		}
 		s3acl.AssembleEntryWithAcp(entry, acpOwner, acpGrants)