diff --git a/weed/s3api/s3api_acp.go b/weed/s3api/s3api_acp.go
index c099b5e12..5fdec0397 100644
--- a/weed/s3api/s3api_acp.go
+++ b/weed/s3api/s3api_acp.go
@@ -402,7 +402,7 @@ func getObjectEntry(s3a *S3ApiServer, bucket, object string) (*filer_pb.Entry, e
 func (s3a *S3ApiServer) ExtractBucketAcp(r *http.Request, objectOwnership string) (owner string, grants []*s3.Grant, errCode s3err.ErrorCode) {
 	accountId := s3acl.GetAccountId(r)
 
-	if objectOwnership == s3_constants.OwnershipBucketOwnerEnforced {
+	if objectOwnership == "" || objectOwnership == s3_constants.OwnershipBucketOwnerEnforced {
 		return accountId, []*s3.Grant{
 			{
 				Permission: &s3_constants.PermissionFullControl,
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index 57a1ea5e0..159f5b7bc 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -124,9 +124,6 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 	}
 
 	objectOwnership := r.Header.Get("ObjectOwnership")
-	if objectOwnership == "" {
-		objectOwnership = s3_constants.DefaultOwnershipForCreate
-	}
 	acpOwner, acpGrants, errCode := s3a.ExtractBucketAcp(r, objectOwnership)
 	if errCode != s3err.ErrNone {
 		s3err.WriteErrorResponse(w, r, errCode)
@@ -139,6 +136,8 @@ func (s3a *S3ApiServer) PutBucketHandler(w http.ResponseWriter, r *http.Request)
 				entry.Extended = make(map[string][]byte)
 			}
 			entry.Extended[s3_constants.AmzIdentityId] = []byte(identityId)
+		}
+		if objectOwnership != "" {
 			entry.Extended[s3_constants.ExtOwnershipKey] = []byte(objectOwnership)
 		}
 		s3acl.AssembleEntryWithAcp(entry, acpOwner, acpGrants)