[GH-ISSUE #2520] Unable to mount some S3 bucket/directories after upgrading from s3fs V1.91 to V1.94 #1233

New issue

Open

opened 2026-03-04 01:52:26 +03:00 by kerem · 2 comments

kerem commented

2026-03-04 01:52:26 +03:00

Owner

Originally created by @pafollmer on GitHub (Aug 29, 2024).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2520

Additional Information

Version of s3fs being used (`s3fs --version`)

Amazon Simple Storage Service File System V1.94 (commit:unknown) with OpenSSL

Version of fuse being used (`pkg-config --modversion fuse`, `rpm -qi fuse` or `dpkg -s fuse`)

Version : 2.9.4
Release : 1.0.9.el7

Kernel information (`uname -r`)

5.4.17-2136.334.6.1.el7uek.x86_64

GNU/Linux Distribution, if applicable (`cat /etc/os-release`)

NAME="Oracle Linux Server"
VERSION="7.9"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Oracle Linux Server 7.9"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:9:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.9
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.9

How to run s3fs, if applicable

#Fstab entry

This one fails

service-cds:/SQL/DEPLOY_NOW /s3_sql fuse.s3fs _netdev,nodev,allow_other,nonempty,use_cache=/tmp/s3cache,logfile=/var/log/s3fs.log,uid=1235,gid=1215,mp_umask=0077,umask=0077 0 0

This one works

service-cds:/LOGGING /s3/LOGGING fuse.s3fs _netdev,nodev,allow_other,nonempty,use_cache=/tmp/s3cache,logfile=/var/log/s3fs.log,uid=1235,gid=1216,mp_umask=0007,umask=007 0 0

s3fs syslog messages (`grep s3fs /var/log/syslog`, `journalctl | grep s3fs`, or `s3fs outputs`)

From /var/log/s3fs.log

from service-cds:/SQL/DEPLOY_NOW

[INF] s3fs.cpp:s3fs_init(4276): init v1.94(commit:unknown) with OpenSSL, credential-library(built-in)
[CRT] s3fs.cpp:s3fs_check_service(4544): Failed to connect by sigv4, so retry to connect by signature version 2. But you should to review url and endpoint option.
[CRT] s3fs.cpp:s3fs_check_service(4562): Failed to check bucket and directory for mount point : Invalid Credentials(host=https://s3.amazonaws.com, message=User: arn:aws:iam::999999999:user/UserName is not authorized to perform: s3:GetObject on resource: "arn:aws:s3:::service-cds/SQL/" because no identity-based policy allows the s3:GetObject action)

from service-cds:/LOGGING

2024-08-29T15:28:00.292Z [INF] curl.cpp:InitMimeType(435): Loaded mime information from /etc/mime.types
2024-08-29T15:28:00.293Z [INF] s3fs.cpp:s3fs_init(4276): init v1.94(commit:unknown) with OpenSSL, credential-library(built-in)

Details about issue

Unable to mount some S3 bucket/directory after upgrading from s3fs V1.91 to V1.94
We mount 2 different directories from this bucket. The one that is failing is read/write on the AWS side. The other directory is read-only and mounts correctly.
The Bucket is owned/managed by an outside vendor to allow us to upload and download files. Changing or viewing AWS permissions needs to be done by them through a ticket.
I assume that V1.94 requires s3:GetObject and V1.91 does not. Are there any additional permissions I will need to request?

Originally created by @pafollmer on GitHub (Aug 29, 2024). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/2520 ### Additional Information #### Version of s3fs being used (`s3fs --version`) Amazon Simple Storage Service File System V1.94 (commit:unknown) with OpenSSL #### Version of fuse being used (`pkg-config --modversion fuse`, `rpm -qi fuse` or `dpkg -s fuse`) Version : 2.9.4 Release : 1.0.9.el7 #### Kernel information (`uname -r`) 5.4.17-2136.334.6.1.el7uek.x86_64 #### GNU/Linux Distribution, if applicable (`cat /etc/os-release`) NAME="Oracle Linux Server" VERSION="7.9" ID="ol" ID_LIKE="fedora" VARIANT="Server" VARIANT_ID="server" VERSION_ID="7.9" PRETTY_NAME="Oracle Linux Server 7.9" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:oracle:linux:7:9:server" HOME_URL="https://linux.oracle.com/" BUG_REPORT_URL="https://github.com/oracle/oracle-linux" ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7" ORACLE_BUGZILLA_PRODUCT_VERSION=7.9 ORACLE_SUPPORT_PRODUCT="Oracle Linux" ORACLE_SUPPORT_PRODUCT_VERSION=7.9 #### How to run s3fs, if applicable  #Fstab entry # This one fails service-cds:/SQL/DEPLOY_NOW /s3_sql fuse.s3fs _netdev,nodev,allow_other,nonempty,use_cache=/tmp/s3cache,logfile=/var/log/s3fs.log,uid=1235,gid=1215,mp_umask=0077,umask=0077 0 0 # This one works service-cds:/LOGGING /s3/LOGGING fuse.s3fs _netdev,nodev,allow_other,nonempty,use_cache=/tmp/s3cache,logfile=/var/log/s3fs.log,uid=1235,gid=1216,mp_umask=0007,umask=007 0 0 #### s3fs syslog messages (`grep s3fs /var/log/syslog`, `journalctl | grep s3fs`, or `s3fs outputs`) From /var/log/s3fs.log # from service-cds:/SQL/DEPLOY_NOW [INF] s3fs.cpp:s3fs_init(4276): init v1.94(commit:unknown) with OpenSSL, credential-library(built-in) [CRT] s3fs.cpp:s3fs_check_service(4544): Failed to connect by sigv4, so retry to connect by signature version 2. But you should to review url and endpoint option. [CRT] s3fs.cpp:s3fs_check_service(4562): Failed to check bucket and directory for mount point : Invalid Credentials(host=https://s3.amazonaws.com, message=User: arn:aws:iam::999999999:user/UserName is not authorized to perform: s3:GetObject on resource: "arn:aws:s3:::service-cds/SQL/" because no identity-based policy allows the s3:GetObject action) # from service-cds:/LOGGING 2024-08-29T15:28:00.292Z [INF] curl.cpp:InitMimeType(435): Loaded mime information from /etc/mime.types 2024-08-29T15:28:00.293Z [INF] s3fs.cpp:s3fs_init(4276): init v1.94(commit:unknown) with OpenSSL, credential-library(built-in) ### Details about issue  Unable to mount some S3 bucket/directory after upgrading from s3fs V1.91 to V1.94 We mount 2 different directories from this bucket. The one that is failing is read/write on the AWS side. The other directory is read-only and mounts correctly. The Bucket is owned/managed by an outside vendor to allow us to upload and download files. Changing or viewing AWS permissions needs to be done by them through a ticket. I assume that V1.94 requires s3:GetObject and V1.91 does not. Are there any additional permissions I will need to request?

kerem commented

2026-03-04 01:52:26 +03:00

Author

Owner

@mlazzarotto commented on GitHub (Dec 20, 2024):

Having the same issue but with Backblaze B2. Did you manage to find a solution?

@mlazzarotto commented on GitHub (Dec 20, 2024): Having the same issue but with Backblaze B2. Did you manage to find a solution?

kerem commented

2026-03-04 01:52:26 +03:00

Author

Owner

@ggtakec commented on GitHub (Jan 19, 2025):

@mlazzarotto Sorry for my late reply.
Try starting s3fs with dbglevel=info (or dbglevel=dbg) and curldbg options and get the execution log.
The log may provide some clues to solving this problem.

@ggtakec commented on GitHub (Jan 19, 2025): @mlazzarotto Sorry for my late reply. Try starting s3fs with `dbglevel=info` (or `dbglevel=dbg`) and `curldbg` options and get the execution log. The log may provide some clues to solving this problem.