Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 337 by
david...@qedmf.net: File permissions 000
http://code.google.com/p/s3fs/issues/detail?id=337
Detailed description of observed behavior:
To be clear about what I'm doing: I am synching a directory from a source
host (not virtualized) up to an s3 bucket with s3cmd, then mounting that
same bucket on an ec2 instance using s3fs. The IAM user used for the synch
from the non virtualized host is the same used to mount the bucket on the
ec2 instance.
Mounting an s3 bucket with s3fs version 1.68 results in the files and
directories in the mount having perms 000:
d--------- 1 root root 0 Jan 1 1970 debian
---------- 1 root root 231 May 2 19:34 distributions
I am trying to serve the files in this mount under apache (www-data user)
and because of these permissions, apache is unable to read the files.
Mounting with allow_other does not change the behavior. If I manually
chmod/chown the files and directories, apache can then read them all, but
any new files added to the s3 bucket - by another host - show up with perms
000, and apache cannot read them. root is able to read all files in the
mount.
I have tried quite a few troubleshooting/work around steps. Most surprising
(to me) is that even if I use the allow_other, uid, gid, and umask options,
I still have trouble accessing the files on the mount. Even if I set gid
and uid to that of the www-data user and umask to 022, and confirm by
looking at the disk that the ownership and permissions appear open for the
www-data user, I still get issues reading the files:
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ ls -l
total 0
drwxr-xr-x 1 www-data www-data 0 Jan 1 1970 debian
drwxr-xr-x 1 www-data www-data 0 Jan 1 1970 mvn
drwxr-xr-x 1 www-data www-data 0 Jan 1 1970 rpm
$ ls -l debian/
ls: cannot open directory debian/: Operation not permitted
I have also tried mounting the bucket as the www-data user (i.e. not as the
root user), and I still get errors like "Operation not permitted" trying to
access the files on the mount.
I am mounting the bucket with an IAM user who has permissions to Get* List*
Delete* Put* on the bucket and the bucket/*, and has ListAllMyBuckets as
well. This same user is able to use s3cmd to synch from a local drive on a
source machine to the s3 bucket. Here's the policy with the bucket name
redacted:
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:List*",
        "s3:Delete*",
        "s3:Put*",
        "s3:Get*"
      ],
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*"
      ]
    }
  ]
}
I have also tried previous versions of s3fs from 1.60 forward. With
1.60-1.62 the mount happens, but the only files I can see are those in the
top level of the bucket. And by files, I mean not directories. Top level
directories are simply not shown in the mounted fs. Versions 1.63-1.67 result
in i/o errors when trying to read the mount, even as root, and question
marks in place of dashes for the permissions bits.
So, to reiterate, the only thing that seems to enable the www-data user to
read the files on the mount is to mount as root, with or without the
allow_other option, then manually chmod/chown the files and directories in
the mount. But then, new files synched up to the bucket show up with perms
000.
What steps will reproduce the problem - please be very specific and
detailed. (if the developers cannot reproduce the issue, then it is
unlikely a fix will be found)?
Use s3cmd to synch a directory on a non-virtualized host to an s3 bucket.
Mount the same s3 bucket on an ec2 instance using s3fs. Look at the file
system permissions on the mounted s3 bucket.
===================================================================
The following information is very important in order to help us to help
you. Omission of the following details may delay your support request or
receive no attention at all.
===================================================================
Version of s3fs being used (s3fs --version):
Amazon Simple Storage Service File System 1.68
Version of fuse being used (pkg-config --modversion fuse):
2.8.6
System information (uname -a):
Linux www 3.2.0-37-virtual #58-Ubuntu SMP Thu Jan 24 15:48:03 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Distro (cat /etc/issue):
Ubuntu 12.04.2 LTS \n \l
s3fs command line used (if applicable):
/etc/fstab entry (if applicable):
(bucket name redacted)
s3fs#${bucket} /var/www/mnt fuse allow_other,url=https://s3.amazonaws.com 0 0
s3fs syslog messages (grep s3fs /var/log/syslog):
many of these:
May 2 20:01:40 www s3fs: init $Rev: 414 $