diff --git a/setup/client/Dockerfile b/setup/client/Dockerfile
new file mode 100644
index 0000000..3caf09a
--- /dev/null
+++ b/setup/client/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:edge
+
+RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing">>/etc/apk/repositories && apk add --update --no-cache py3-pip minio-client && pip3 install minio==7.1.1
+
+WORKDIR /client
\ No newline at end of file
diff --git a/setup/client/client.py b/setup/client/client.py
new file mode 100644
index 0000000..e990ccb
--- /dev/null
+++ b/setup/client/client.py
@@ -0,0 +1,54 @@
+from minio import Minio
+from minio.error import S3Error
+
+users = {
+	# create manually
+	"asdf": "fjsgJ78y9GRCsiq",
+	# via setup.sh
+	"group0": "fjsgJ78y9GRCsiq", 
+	"group1": "sdfsdfsdfg46RCsiq",
+	"group2": "409z8jdfhj45jz",
+	#"group3": "rtpihn80435hg9r",
+}
+clients = {key: Minio("minio:9000", access_key=key, secret_key=users[key], secure=False) for key in users}
+root = clients["asdf"]
+
+for user in clients:
+	client = clients[user]
+	print(f"* {user}")
+	for bucket in client.list_buckets():
+		print(f"\t{bucket.name}, {bucket.creation_date}")
+
+if not root.bucket_exists("roots-bucket"):
+	print("== make buckets ==")
+	root.make_bucket("roots-bucket")
+	root.make_bucket("proj-group4545")
+	#for i in range(4):
+		#root.make_bucket(f"group{i}")
+
+for user in clients:
+	client = clients[user]
+	print(f"* {user}")
+	client.make_bucket(f"proj-{user}-foo")
+		
+print(" == check again == ")
+
+for user in clients:
+	client = clients[user]
+	print(f"* {user}")
+	for bucket in client.list_buckets():
+		print(f"\t{bucket.name}, {bucket.creation_date}")
+
+print(" == try access == ")
+
+for user in clients:
+	client = clients[user]
+	print(f"* {user}")
+	for bucket in client.list_buckets():
+		print(f"\t* {bucket.name}, {bucket.creation_date}")
+		try:
+			for obj in client.list_objects(bucket.name):
+				print(f"\t\t* {obj}")
+			client.fput_object(bucket.name, "testupoload", "Dockerfile")
+		except S3Error as e:
+			print("\t\t", e)
\ No newline at end of file
diff --git a/setup/client/proj_policy.json b/setup/client/proj_policy.json
new file mode 100644
index 0000000..3426972
--- /dev/null
+++ b/setup/client/proj_policy.json
@@ -0,0 +1,21 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:GetBucketLocation",
+                "s3:ListAllMyBuckets"
+            ],
+            "Resource": [
+                "arn:aws:s3:::*"
+            ]
+        },
+    {
+       "Sid": "AllowAllS3ActionsInUserFolder",
+       "Action":["s3:*"],
+       "Effect":"Allow",
+       "Resource": ["arn:aws:s3:::proj-${aws:username}*"]
+    }
+    ]
+}
\ No newline at end of file
diff --git a/setup/client/requirements.txt b/setup/client/requirements.txt
new file mode 100644
index 0000000..c5edac7
--- /dev/null
+++ b/setup/client/requirements.txt
@@ -0,0 +1 @@
+minio==7.1.1
\ No newline at end of file
diff --git a/setup/client/setup.sh b/setup/client/setup.sh
new file mode 100644
index 0000000..259af68
--- /dev/null
+++ b/setup/client/setup.sh
@@ -0,0 +1,12 @@
+alias mc=mcli
+mc alias set foobar http://minio:9000 asdf fjsgJ78y9GRCsiq
+
+mc admin user add foobar group0 fjsgJ78y9GRCsiq
+mc admin user add foobar group1 sdfsdfsdfg46RCsiq
+mc admin user add foobar group2 409z8jdfhj45jz
+
+mc admin policy add foobar proj_policy proj_policy.json
+
+mc admin policy set foobar proj_policy user=group0
+mc admin policy set foobar proj_policy user=group1
+mc admin policy set foobar proj_policy user=group2
\ No newline at end of file
diff --git a/setup/docker-compose.yml b/setup/docker-compose.yml
new file mode 100644
index 0000000..a6b3e2c
--- /dev/null
+++ b/setup/docker-compose.yml
@@ -0,0 +1,31 @@
+version: '3'
+services:
+ minio:
+  image: minio/minio
+  command: server /data --console-address ":9001"
+  networks:
+   - frontend
+   - default
+#  ports:
+#   - 9000:9000
+#   - 9001:9001
+  volumes:
+   - ./data/minio/:/data
+  labels:
+   - "traefik.enable=true"
+   - "traefik.docker.network=traefik_net"
+   # api
+   - "traefik.minio.frontend.rule=Host:minio.dev"
+   - "traefik.minio.port=9000"
+   # dashboard
+   - "traefik.minio-dashboard.frontend.rule=Host:minio-dashboard.dev"
+   - "traefik.minio-dashboard.port=9001"
+  env_file: project.env
+ client:
+  build: client
+  volumes:
+   - ./client:/client/
+networks:
+ frontend:
+  external:
+   name: traefik_net
\ No newline at end of file
diff --git a/setup/project.env b/setup/project.env
new file mode 100644
index 0000000..97ff426
--- /dev/null
+++ b/setup/project.env
@@ -0,0 +1,2 @@
+MINIO_ROOT_USER=asdfrzrrfgh
+MINIO_ROOT_PASSWORD=rbht9ue5hzhnfgi
\ No newline at end of file