diff --git a/docs/content/s3.md b/docs/content/s3.md
index 5c25687e6..57df4c190 100644
--- a/docs/content/s3.md
+++ b/docs/content/s3.md
@@ -233,7 +233,13 @@ credentials then S3 interaction will be non-authenticated (see below).
 Here are the command line options specific to this cloud storage
 system.
 
-#### ----s3-storage-class ####
+#### --s3-acl=STRING ####
+
+Canned ACL used when creating buckets and/or storing objects in S3.
+
+For more info visit the [canned ACL docs](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl).
+
+#### --s3-storage-class=STRING ####
 
 Storage class to upload new objects with.
 
diff --git a/s3/s3.go b/s3/s3.go
index 9c56596ff..08da61f0e 100644
--- a/s3/s3.go
+++ b/s3/s3.go
@@ -210,6 +210,7 @@ const (
 // Globals
 var (
 	// Flags
+	s3ACL          = pflag.StringP("s3-acl", "", "", "Canned ACL used when creating buckets and/or storing objects in S3")
 	s3StorageClass = pflag.StringP("s3-storage-class", "", "", "Storage class to use when uploading S3 objects (STANDARD|REDUCED_REDUNDANCY|STANDARD_IA)")
 )
 
@@ -367,7 +368,7 @@ func NewFs(name, root string) (fs.Fs, error) {
 		c:                  c,
 		bucket:             bucket,
 		ses:                ses,
-		acl:                fs.ConfigFile.MustValue(name, "acl"),
+		acl:                fs.ConfigFile.MustValue(name, "acl", *s3ACL),
 		root:               directory,
 		locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"),
 		sse:                fs.ConfigFile.MustValue(name, "server_side_encryption"),