[GH-ISSUE #49] use_sse is ignored when creating new files #28

New issue

Closed

opened 2026-03-04 01:41:19 +03:00 by kerem · 2 comments

kerem commented

2026-03-04 01:41:19 +03:00

Owner

Originally created by @malloctrim on GitHub (Aug 6, 2014).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/49

The x-amz-server-side-encryption header is not sent when creating new files, only when files are flushed from the cache.

This means that when you set a policy on your bucket like the one described here: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html, which forces that only encrypted objects can be stored in the bucket, you get 'operation not permitted' errors because the policy is blocking all put requests that don't have the sse header.

The functions in s3fs.cpp, create_file_object and create_directory_object now call PutRequest like this:

return s3fscurl.PutRequest(path, meta, -1, false);

It should probably be called like this:

return s3fscurl.PutRequest(path, meta, -1, S3fsCurl::GetUseSse());

Originally created by @malloctrim on GitHub (Aug 6, 2014). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/49 The `x-amz-server-side-encryption` header is not sent when creating new files, only when files are flushed from the cache. This means that when you set a policy on your bucket like the one described here: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html, which forces that only encrypted objects can be stored in the bucket, you get 'operation not permitted' errors because the policy is blocking all put requests that don't have the sse header. The functions in `s3fs.cpp`, `create_file_object` and `create_directory_object` now call `PutRequest` like this: `return s3fscurl.PutRequest(path, meta, -1, false);` It should probably be called like this: `return s3fscurl.PutRequest(path, meta, -1, S3fsCurl::GetUseSse());`

kerem

2026-03-04 01:41:19 +03:00

closed this issue
added the
bug
label

kerem commented

2026-03-04 01:41:21 +03:00

Author

Owner

@ggtakec commented on GitHub (Aug 14, 2014):

Hi,

Thanks for your report.
I did not know backer policy about SSE(C), thanks again.
So this is a bug, I fixed this issue about github.com/s3fs-fuse/s3fs-fuse@cbec8da9a3
It is pushed latest see-c branch now.

Please check it and let me know if you found any problem.
Thanks in advance for your help.

@ggtakec commented on GitHub (Aug 14, 2014): Hi, Thanks for your report. I did not know backer policy about SSE(C), thanks again. So this is a bug, I fixed this issue about https://github.com/s3fs-fuse/s3fs-fuse/commit/cbec8da9a3442fa982fe7a8c8e83794e5ba8b791 It is pushed latest see-c branch now. Please check it and let me know if you found any problem. Thanks in advance for your help.

kerem commented

2026-03-04 01:41:21 +03:00

Author

Owner

@malloctrim commented on GitHub (Aug 18, 2014):

Yes, that works fine. Thanks.

I've also added some comments to issue #39 regarding that sse-c branch, as multipart uploading doesn't work.

@malloctrim commented on GitHub (Aug 18, 2014): Yes, that works fine. Thanks. I've also added some comments to issue #39 regarding that sse-c branch, as multipart uploading doesn't work.

kerem referenced this issue

2026-03-04 01:53:20 +03:00

[PR #28] [MERGED] Address signedness warning in FdCache::Init #1315