New issue 188 by jon.ri...@gmail.com: Can't mount bucket despite
FULL_CONTROL in ACL.
http://code.google.com/p/s3fs/issues/detail?id=188
Detailed description of observed behavior:
Despite having FULL_CONTROL in the ACL of a bucket I don't own, I'm seeing
the following (note bucket name is changed to protect the innocent):
jriehl@prime:~$ s3fs otherguysbucket mnt
s3fs: bucket "otherguysbucket" is not part of the service specified by the
credentials
===================================================================
The following information is very important in order to help us to help
you. Omission of the following details may delay your support request or
receive no attention at all.
===================================================================
Version of s3fs being used (s3fs --version):
1.35
Version of fuse being used (pkg-config --modversion fuse):
2.8.4
System information (uname -a):
Linux prime 2.6.38-8-virtual #42-Ubuntu SMP Mon Apr 11 04:06:34 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux
Distro (cat /etc/issue):
Ubuntu 11.04 \n \l
s3fs command line used (if applicable):
/etc/fstab entry (if applicable):
s3fs syslog messages (grep s3fs /var/log/syslog):
Nothing for this particular problem...
jriehl@prime:~$ date
Wed May 18 22:42:40 UTC 2011
jriehl@prime:~$ s3fs otherguysbucket mnt
s3fs: bucket "otherguysbucket" is not part of the service specified by the
credentials
jriehl@prime:~$ sudo grep s3fs /var/log/syslog
May 18 18:38:55 prime s3fs: init $Rev: 304 $
May 18 18:45:27 prime s3fs: init $Rev: 304 $
May 18 22:37:00 prime s3fs: init $Rev: 304 $
Please check the format of your credentials file. Consider the following
example:
askdfjaljksdf:39483480398
otherbucket:vznvvmxslj:0890866
The first entry is the default entry. All buckets which do are not
explicitly specified use this entry. If you want to use credentials for
other than default, then you need to specify the other bucket name followed
by its keys.
Comment #2 on issue 188 by moore...@suncup.net: Can't mount bucket despite
FULL_CONTROL in ACL.
http://code.google.com/p/s3fs/issues/detail?id=188
No response from original submitter in over a month -- closing this one.
Oops. I should have spoken up.
Assume we don't use credentials files. My credentials have been granted
FULL ACL on "otherguysbucket", but S3FS won't let me mount. The claim is
that the access grant should be sufficient; boto lets me in (permissions on
specific files and folders are a whole other can of worms).
The particular use case is one where customers have a remote bucket that we
might want to mount. They shouldn't have to give us credentials for their
whole AWS account. Please let me know if I missed some tech note about
per-bucket credentials being available (as opposed to per-account).
Comment #4 on issue 188 by moore...@suncup.net: Can't mount bucket despite
FULL_CONTROL in ACL.
http://code.google.com/p/s3fs/issues/detail?id=188
"boto" ? -- some other S3 client?
I don't fully understand yet, but this more looks like an enhancement
request. Originally, s3fs did not visualize this use model.
Correct me if I am wrong, you still need a set of credentials, however the
bucket you are trying to mount does not belong to you, your credentials
have just been given access to the bucket not owned by you?
Out of curiosity and to understand this better, how does the other owner
grant you access? Must you deliver your credentials to him? ...or do they
generate a special set of credentials for you to use and deliver those to
you?
In order to code for and test this, we'll need to understand the process
and possibly have the "otherguysbucket" available to us for testing.
I think I know that piece of code in s3fs that needs to change. That is the
section where it does preliminary checking to determine if an open line of
communication is present to Amazon S3. The assumption is that the bucket
you are trying to mount is listed in the list of buckets associated with
the credentials.
Do you have more than one set of credentials? If so, then see my previous
comment (#1) (if this is the case, then did you try this?)
With s3fs-r191-source.tar.gz is possible to mount buckets you don't have
credentials for, if the ACL bucket is set to permit this. Not sure in which
revision was this functionality lost.