starred/s3fs-fuse
1
0
Fork 0
mirror of https://github.com/s3fs-fuse/s3fs-fuse.git synced 2026-04-25 13:26:00 +03:00
Code Issues 305 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #635] Bucket was working, now I get Transport endpoint is not connected error #362

New issue
Closed
opened 2026-03-04 01:44:45 +03:00 by kerem · 10 comments
kerem commented 2026-03-04 01:44:45 +03:00
Owner
Copy link

Originally created by @3DTOPO on GitHub (Sep 7, 2017).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/635

Details about issue

I have been using s3fs successfully for about a week or so, and without making any changes, all of the sudden it stopped working. If I run the following:

sudo fusermount -u /mnt/naip
sudo s3fs -o allow_other -o umask=0002  -o curldbg  aws-naip /mnt/naip
ls /mnt/naip

I get the error:
ls: cannot access /mnt/naip: Transport endpoint is not connected

I don't understand why it was working and then without making any configuration changes it stopped working. Any suggestions would be greatly appreciated.

Information about the aws-naip bucket I am attempting to use is here.

The imagery is currently still online - so I know the data still must be accessible. On this page, if you click the "Explore NAIP Imagery" you can access the data I am attempting to access with s3fs.

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.

  • Version of s3fs being used (s3fs --version): 1.74

  • Version of fuse being used (pkg-config --modversion fuse): 2.9.2

  • System information (uname -a): Linux ip-172-31-13-98 3.13.0-125-generic #174-Ubuntu SMP Mon Jul 10 18:51:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  • Distro (cat /etc/issue): Ubuntu 14.04.5 LTS \n \l

  • s3fs command line used (if applicable): sudo s3fs -o allow_other -o umask=0002 aws-naip /mnt/naip

  • /etc/fstab entry (if applicable): n/a

  • s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs)
    if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages: Sep 7 04:33:08 ip-172-31-13-98 s3fs: init Rev: 497
    no errors

Originally created by @3DTOPO on GitHub (Sep 7, 2017). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/635 #### Details about issue I have been using s3fs successfully for about a week or so, and without making any changes, all of the sudden it stopped working. If I run the following: ``` sudo fusermount -u /mnt/naip sudo s3fs -o allow_other -o umask=0002 -o curldbg aws-naip /mnt/naip ls /mnt/naip ``` I get the error: `ls: cannot access /mnt/naip: Transport endpoint is not connected` I don't understand why it was working and then without making any configuration changes it stopped working. Any suggestions would be greatly appreciated. Information about the aws-naip bucket I am attempting to use is [here](https://aws.amazon.com/public-datasets/naip/). The imagery is currently still online - so I know the data still must be accessible. On this [page](https://f5f3hkneq5.execute-api.us-east-1.amazonaws.com/prod), if you click the "Explore NAIP Imagery" you can access the data I am attempting to access with s3fs. #### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ - Version of s3fs being used (s3fs --version): 1.74 - Version of fuse being used (pkg-config --modversion fuse): 2.9.2 - System information (uname -a): Linux ip-172-31-13-98 3.13.0-125-generic #174-Ubuntu SMP Mon Jul 10 18:51:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux - Distro (cat /etc/issue): Ubuntu 14.04.5 LTS \n \l - s3fs command line used (if applicable): sudo s3fs -o allow_other -o umask=0002 aws-naip /mnt/naip - /etc/fstab entry (if applicable): n/a - s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs) _if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages_: Sep 7 04:33:08 ip-172-31-13-98 s3fs: init $Rev: 497 $ no errors
kerem closed this issue 2026-03-04 01:44:46 +03:00
kerem commented 2026-03-04 01:44:46 +03:00
Author
Owner
Copy link

@3DTOPO commented on GitHub (Sep 8, 2017):

I updated to s3fs 1.8.2 and FUSE 2.9.7. I still can't get the drive to mount like I could before, but I am now getting some useful information in the logs. I don't know why, but I am getting a 403 Forbidden error.

Running:
s3fs aws-naip /mnt/naip -o dbglevel=info -o curldbg -o allow_other -o umask=0002 -o endpoint=us-east-1 -o use_path_request_style

Produces the following in my syslog. I have triple checked that I am using a valid access key and secret. I ran 'aws configure' and used the same credentials.

Sep  8 19:53:50 ip-172-31-13-98 s3fs[17209]: s3fs.cpp:set_s3fs_log_level(257): change debug level from [CRT] to [INF] 
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17209]:     PROC(uid=1000, gid=1000) - MountPoint(uid=1000, gid=1000, mode=40777)
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_init(3378): init v1.82(commit:unknown) with OpenSSL
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: check services.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       check a bucket.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       URL is https://s3.amazonaws.com/aws-naip/
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       URL changed is https://s3.amazonaws.com/aws-naip/
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       computing signature [GET] [/] [] []
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       url is https://s3.amazonaws.com
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Hostname was NOT found in DNS cache
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *   Trying 52.216.96.93...
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connected to s3.amazonaws.com (52.216.96.93) port 443 (#0)
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * successfully set certificate verify locations:
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *   CAfile: none#012  CApath: /etc/ssl/certs
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Client hello (1):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server hello (2):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, CERT (11):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server key exchange (12):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server finished (14):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Client key exchange (16):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS change cipher, Client hello (1):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Finished (20):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS change cipher, Client hello (1):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Finished (20):
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSL connection using ECDHE-RSA-AES128-GCM-SHA256
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server certificate:
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      subject: C=US; ST=Washington; L=Seattle; O=Amazon.com Inc.; CN=s3.amazonaws.com
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      start date: 2016-07-29 00:00:00 GMT
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      expire date: 2017-11-29 12:00:00 GMT
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      subjectAltName: s3.amazonaws.com matched
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: *      SSL certificate verify ok.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > GET /aws-naip/ HTTP/1.1
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > User-Agent: s3fs/1.82 (commit hash unknown; OpenSSL)
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Accept: */*
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOMR2FNTH47KTI3Q/20170908/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e08a9c83fb24f1bc1c7b98813fd7e684e85afd0af974fd8a955cf6bbb1410fb5
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > host: s3.amazonaws.com
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > x-amz-date: 20170908T195350Z
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > 
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < HTTP/1.1 403 Forbidden
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-bucket-region: us-east-1
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-request-id: 58118674D8819717
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-id-2: M/Ai0L72b+kV0zYXNuL7DURBYAY/Ihfjc12uL9zdC+TKYkGRf5fZEF3xfjh9FmAFwuQhTSlmBd0=
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Content-Type: application/xml
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Transfer-Encoding: chunked
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Date: Fri, 08 Sep 2017 19:53:45 GMT
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server AmazonS3 is not blacklisted
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Server: AmazonS3
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < 
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connection #0 to host s3.amazonaws.com left intact
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       HTTP response code 403 was returned, returning EPERM
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>58118674D8819717</RequestId><HostId>M/Ai0L72b+kV0zYXNuL7DURBYAY/Ihfjc12uL9zdC+TKYkGRf5fZEF3xfjh9FmAFwuQhTSlmBd0=</HostId></Error>
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       check a bucket.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       URL is https://s3.amazonaws.com/aws-naip/
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       URL changed is https://s3.amazonaws.com/aws-naip/
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Found bundle for host s3.amazonaws.com: 0x7f2218150540
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Re-using existing connection! (#0) with host s3.amazonaws.com
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connected to s3.amazonaws.com (52.216.96.93) port 443 (#0)
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > GET /aws-naip/ HTTP/1.1
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > User-Agent: s3fs/1.82 (commit hash unknown; OpenSSL)
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Host: s3.amazonaws.com
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Accept: */*
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Authorization: AWS AKIAIOMR2FNTH47KTI3Q:zRe9ZdgaAHYy/KxMFpPM4h/ZGHI=
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Date: Fri, 08 Sep 2017 19:53:50 GMT
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: > 
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < HTTP/1.1 403 Forbidden
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-bucket-region: us-east-1
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-request-id: CBD59ABA09B76193
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-id-2: OtwHq7gDI8N/miR3mXlBOgydPcNHoGU47G7xzIGBQ/U+tZ1HL0mbjqnneBE5AMHXYKZFIWNfRek=
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Content-Type: application/xml
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Transfer-Encoding: chunked
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Date: Fri, 08 Sep 2017 19:53:45 GMT
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server AmazonS3 is not blacklisted
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Server: AmazonS3
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: < 
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connection #0 to host s3.amazonaws.com left intact
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]:       HTTP response code 403 was returned, returning EPERM
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CBD59ABA09B76193</RequestId><HostId>OtwHq7gDI8N/miR3mXlBOgydPcNHoGU47G7xzIGBQ/U+tZ1HL0mbjqnneBE5AMHXYKZFIWNfRek=</HostId></Error>
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_check_service(3810): invalid credentials(host=https://s3.amazonaws.com) - result of checking service.
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: destroy
Sep  8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_destroy(3445): Could not release curl library.
<!-- gh-comment-id:328200179 --> @3DTOPO commented on GitHub (Sep 8, 2017): I updated to s3fs 1.8.2 and FUSE 2.9.7. I still can't get the drive to mount like I could before, but I am now getting some useful information in the logs. I don't know why, but I am getting a 403 Forbidden error. Running: `s3fs aws-naip /mnt/naip -o dbglevel=info -o curldbg -o allow_other -o umask=0002 -o endpoint=us-east-1 -o use_path_request_style ` Produces the following in my syslog. I have triple checked that I am using a valid access key and secret. I ran 'aws configure' and used the same credentials. ``` Sep 8 19:53:50 ip-172-31-13-98 s3fs[17209]: s3fs.cpp:set_s3fs_log_level(257): change debug level from [CRT] to [INF] Sep 8 19:53:50 ip-172-31-13-98 s3fs[17209]: PROC(uid=1000, gid=1000) - MountPoint(uid=1000, gid=1000, mode=40777) Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_init(3378): init v1.82(commit:unknown) with OpenSSL Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: check services. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: check a bucket. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: URL is https://s3.amazonaws.com/aws-naip/ Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: URL changed is https://s3.amazonaws.com/aws-naip/ Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: computing signature [GET] [/] [] [] Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: url is https://s3.amazonaws.com Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Hostname was NOT found in DNS cache Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Trying 52.216.96.93... Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connected to s3.amazonaws.com (52.216.96.93) port 443 (#0) Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * successfully set certificate verify locations: Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * CAfile: none#012 CApath: /etc/ssl/certs Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Client hello (1): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server hello (2): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, CERT (11): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server key exchange (12): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Server finished (14): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Client key exchange (16): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS change cipher, Client hello (1): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Finished (20): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS change cipher, Client hello (1): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSLv3, TLS handshake, Finished (20): Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSL connection using ECDHE-RSA-AES128-GCM-SHA256 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server certificate: Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * subject: C=US; ST=Washington; L=Seattle; O=Amazon.com Inc.; CN=s3.amazonaws.com Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * start date: 2016-07-29 00:00:00 GMT Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * expire date: 2017-11-29 12:00:00 GMT Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * subjectAltName: s3.amazonaws.com matched Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * SSL certificate verify ok. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > GET /aws-naip/ HTTP/1.1 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > User-Agent: s3fs/1.82 (commit hash unknown; OpenSSL) Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Accept: */* Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOMR2FNTH47KTI3Q/20170908/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=e08a9c83fb24f1bc1c7b98813fd7e684e85afd0af974fd8a955cf6bbb1410fb5 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > host: s3.amazonaws.com Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > x-amz-date: 20170908T195350Z Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < HTTP/1.1 403 Forbidden Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-bucket-region: us-east-1 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-request-id: 58118674D8819717 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-id-2: M/Ai0L72b+kV0zYXNuL7DURBYAY/Ihfjc12uL9zdC+TKYkGRf5fZEF3xfjh9FmAFwuQhTSlmBd0= Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Content-Type: application/xml Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Transfer-Encoding: chunked Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Date: Fri, 08 Sep 2017 19:53:45 GMT Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server AmazonS3 is not blacklisted Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Server: AmazonS3 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connection #0 to host s3.amazonaws.com left intact Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: HTTP response code 403 was returned, returning EPERM Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>58118674D8819717</RequestId><HostId>M/Ai0L72b+kV0zYXNuL7DURBYAY/Ihfjc12uL9zdC+TKYkGRf5fZEF3xfjh9FmAFwuQhTSlmBd0=</HostId></Error> Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_check_service(3795): Could not connect, so retry to connect by signature version 2. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: check a bucket. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: URL is https://s3.amazonaws.com/aws-naip/ Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: URL changed is https://s3.amazonaws.com/aws-naip/ Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Found bundle for host s3.amazonaws.com: 0x7f2218150540 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Re-using existing connection! (#0) with host s3.amazonaws.com Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connected to s3.amazonaws.com (52.216.96.93) port 443 (#0) Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > GET /aws-naip/ HTTP/1.1 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > User-Agent: s3fs/1.82 (commit hash unknown; OpenSSL) Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Host: s3.amazonaws.com Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Accept: */* Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Authorization: AWS AKIAIOMR2FNTH47KTI3Q:zRe9ZdgaAHYy/KxMFpPM4h/ZGHI= Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Date: Fri, 08 Sep 2017 19:53:50 GMT Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: > Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < HTTP/1.1 403 Forbidden Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-bucket-region: us-east-1 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-request-id: CBD59ABA09B76193 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < x-amz-id-2: OtwHq7gDI8N/miR3mXlBOgydPcNHoGU47G7xzIGBQ/U+tZ1HL0mbjqnneBE5AMHXYKZFIWNfRek= Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Content-Type: application/xml Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Transfer-Encoding: chunked Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Date: Fri, 08 Sep 2017 19:53:45 GMT Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Server AmazonS3 is not blacklisted Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Server: AmazonS3 Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: < Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: * Connection #0 to host s3.amazonaws.com left intact Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: HTTP response code 403 was returned, returning EPERM Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CBD59ABA09B76193</RequestId><HostId>OtwHq7gDI8N/miR3mXlBOgydPcNHoGU47G7xzIGBQ/U+tZ1HL0mbjqnneBE5AMHXYKZFIWNfRek=</HostId></Error> Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_check_service(3810): invalid credentials(host=https://s3.amazonaws.com) - result of checking service. Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: destroy Sep 8 19:53:50 ip-172-31-13-98 s3fs[17213]: s3fs.cpp:s3fs_destroy(3445): Could not release curl library. ```
kerem commented 2026-03-04 01:44:46 +03:00
Author
Owner
Copy link

@3DTOPO commented on GitHub (Sep 14, 2017):

Apparently the issue is related to the fact that the bucket is set for "Requester Pays". I have no idea why s3fs was working without before, but if access to a Requester Pays bucket without a "x-amz-request-payer: requester" header, it will return with an 403 error.

The option apparently still hasn't been implemented with the aws-cli: https://github.com/aws/aws-cli/issues/2557

s3cmd does support "Requester Pays", and I was able to successfully copy a file from the bucket with it:

s3cmd --requester-pays get s3://aws-naip/ca/2016/.6m/rgbir/40122/m_4012213_nw_10_h_20160713.tif .

I would much much rather use s3fs to use the bucket drive like a drive than having to copy the files to my ec2 instances with s3cmd. Is there anyway you might add support for "Requester Pays" buckets?

<!-- gh-comment-id:329389876 --> @3DTOPO commented on GitHub (Sep 14, 2017): Apparently the issue is related to the fact that the bucket is set for "Requester Pays". I have no idea why s3fs was working without before, but if access to a Requester Pays bucket without a "x-amz-request-payer: requester" header, it will return with an 403 error. The option apparently still hasn't been implemented with the aws-cli: https://github.com/aws/aws-cli/issues/2557 s3cmd does support "Requester Pays", and I was able to successfully copy a file from the bucket with it: `s3cmd --requester-pays get s3://aws-naip/ca/2016/.6m/rgbir/40122/m_4012213_nw_10_h_20160713.tif . ` I would much much rather use s3fs to use the bucket drive like a drive than having to copy the files to my ec2 instances with s3cmd. Is there anyway you might add support for "Requester Pays" buckets?
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@3DTOPO commented on GitHub (Sep 15, 2017):

https://github.com/s3fs-fuse/s3fs-fuse/pull/641 fixes the issue with Requester Pays buckets. Obviously will want to add a flag to enable it, but I can confirm this works.

<!-- gh-comment-id:329668875 --> @3DTOPO commented on GitHub (Sep 15, 2017): https://github.com/s3fs-fuse/s3fs-fuse/pull/641 fixes the issue with Requester Pays buckets. Obviously will want to add a flag to enable it, but I can confirm this works.
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@ggtakec commented on GitHub (Sep 17, 2017):

@3DTOPO I'm sorry for my late reply.
I found the sentence in NAIP on AWS: "The NAIP imagery on AWS is located in the "aws-naip" S3 bucket. The data is in a Requester Pays bucket which means that you can access it freely within the us-east-1 region, but you will incur charges if you download it elsewhere."

I think probably that you did not get an error because you have accessed only us-east-1 so far.
I think that s3fs supports "Requester Pays", so it is necessary to add a dedicated startup option.

I'm going to open this Issue again.
Regards,

<!-- gh-comment-id:330025465 --> @ggtakec commented on GitHub (Sep 17, 2017): @3DTOPO I'm sorry for my late reply. I found the sentence in NAIP on AWS: "The NAIP imagery on AWS is located in the "aws-naip" S3 bucket. The data is in a Requester Pays bucket which means that you can access it freely within the us-east-1 region, but you will incur charges if you download it elsewhere." I think probably that you did not get an error because you have accessed only us-east-1 so far. I think that s3fs supports "Requester Pays", so it is necessary to add a dedicated startup option. I'm going to open this Issue again. Regards,
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@3DTOPO commented on GitHub (Sep 17, 2017):

Hi @ggtakec no problem, thank you!

I have only used it in the us-east-1 zone, but it was working then stopped (same zone).

After I added my hack #641 it started working again. Is a flag needed to enable "Requester Pays"?

<!-- gh-comment-id:330025613 --> @3DTOPO commented on GitHub (Sep 17, 2017): Hi @ggtakec no problem, thank you! I have only used it in the us-east-1 zone, but it was working then stopped (same zone). After I added my hack #641 it started working again. Is a flag needed to enable "Requester Pays"?
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@ggtakec commented on GitHub (Sep 17, 2017):

@3DTOPO
I think that you should prepare startup options like "requester_pays"(default disable).
This is because you want to prevent users from accidentally being charged and because most of the users are unnecessary headers, we want to disable them by default.

Also, if this header can not be supported (passed) by S3Proxy, the test needs to be done manually.
Regards,

<!-- gh-comment-id:330026544 --> @ggtakec commented on GitHub (Sep 17, 2017): @3DTOPO I think that you should prepare startup options like "requester_pays"(default disable). This is because you want to prevent users from accidentally being charged and because most of the users are unnecessary headers, we want to disable them by default. Also, if this header can not be supported (passed) by S3Proxy, the test needs to be done manually. Regards,
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@JiaweiZhuang commented on GitHub (Feb 14, 2018):

Is there still an issue with requester-pay buckets? I can access the aws-naip data easily through s3fs. Just:

mkdir naip
s3fs aws-naip naip -o allow_other,passwd_file=passwd,umask=022

Then I can see and open all files:

ubuntu@ip-172-31-30-197:~$ cd naip/
ubuntu@ip-172-31-30-197:~/naip$ ls
al  az  co  de  ga  id  in  ky  ma            manifest.txt  me  mn  ms  nc  ne  nj  nv  oh  or  readme.txt  sc  tmp  tx  va  wa  wv
ar  ca  ct  fl  ia  il  ks  la  manifest.old  md            mi  mo  mt  nd  nh  nm  ny  ok  pa  ri          sd  tn   ut  vt  wi  wy

I would like to work with other requester-pay buckets but I noticed this issue. Are there any caveats (since this issue is not closed yet)?

Here's platform information:

ubuntu@ip-172-31-30-197:~$ s3fs --version
Amazon Simple Storage Service File System V1.83(commit:e1dafe7) with OpenSSL
Copyright (C) 2010 Randy Rizun <rrizun@gmail.com>
License GPL2: GNU GPL version 2 <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
ubuntu@ip-172-31-30-197:~$ pkg-config --modversion fuse
2.9.4
ubuntu@ip-172-31-30-197:~$ uname -a
Linux ip-172-31-30-197 4.4.0-1049-aws #58-Ubuntu SMP Fri Jan 12 23:17:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ip-172-31-30-197:~$ cat /etc/issue
Ubuntu 16.04.3 LTS \n \l
<!-- gh-comment-id:365754444 --> @JiaweiZhuang commented on GitHub (Feb 14, 2018): Is there still an issue with requester-pay buckets? I can access the aws-naip data easily through s3fs. Just: ``` mkdir naip s3fs aws-naip naip -o allow_other,passwd_file=passwd,umask=022 ``` Then I can see and open all files: ``` ubuntu@ip-172-31-30-197:~$ cd naip/ ubuntu@ip-172-31-30-197:~/naip$ ls al az co de ga id in ky ma manifest.txt me mn ms nc ne nj nv oh or readme.txt sc tmp tx va wa wv ar ca ct fl ia il ks la manifest.old md mi mo mt nd nh nm ny ok pa ri sd tn ut vt wi wy ``` I would like to work with other requester-pay buckets but I noticed this issue. Are there any caveats (since this issue is not closed yet)? Here's platform information: <details> ``` ubuntu@ip-172-31-30-197:~$ s3fs --version Amazon Simple Storage Service File System V1.83(commit:e1dafe7) with OpenSSL Copyright (C) 2010 Randy Rizun <rrizun@gmail.com> License GPL2: GNU GPL version 2 <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. ubuntu@ip-172-31-30-197:~$ pkg-config --modversion fuse 2.9.4 ubuntu@ip-172-31-30-197:~$ uname -a Linux ip-172-31-30-197 4.4.0-1049-aws #58-Ubuntu SMP Fri Jan 12 23:17:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux ubuntu@ip-172-31-30-197:~$ cat /etc/issue Ubuntu 16.04.3 LTS \n \l ``` </details>
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@JiaweiZhuang commented on GitHub (Mar 12, 2018):

Well, seems like the aws-naip bucket is not requester-pay anymore? It can be accessed by simply

$aws s3 ls aws-naip
                           PRE .misc/
                           PRE al/
...

I actually can NOT mount requester buckets in my other account. Any progress on this issue so far?

<!-- gh-comment-id:372466645 --> @JiaweiZhuang commented on GitHub (Mar 12, 2018): Well, seems like the `aws-naip` bucket is not requester-pay anymore? It can be accessed by simply ``` $aws s3 ls aws-naip PRE .misc/ PRE al/ ... ``` I actually can NOT mount requester buckets in my other account. Any progress on this issue so far?
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@ahuarte47 commented on GitHub (Nov 24, 2019):

With PR 1199 merged I think this issue could be closed

<!-- gh-comment-id:557872617 --> @ahuarte47 commented on GitHub (Nov 24, 2019): With [PR 1199](https://github.com/s3fs-fuse/s3fs-fuse/pull/1199) merged I think this issue could be closed
kerem commented 2026-03-04 01:44:47 +03:00
Author
Owner
Copy link

@ggtakec commented on GitHub (Nov 24, 2019):

@ahuarte47 Thanks, I'm closing this issue.
If you find a problem about this issue yet, please re-open this.

<!-- gh-comment-id:557877843 --> @ggtakec commented on GitHub (Nov 24, 2019): @ahuarte47 Thanks, I'm closing this issue. If you find a problem about this issue yet, please re-open this.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.97
v1.96
v1.95
v1.94
v1.93
v1.92
v1.91
v1.90
v1.89
v1.88
v1.87
v1.86
v1.85
v1.84
v1.83
v1.82
v1.81
v1.80
v1.79
v1.78
Pre-v1.78
v1.77
v1.76
v1.75
v1.74
Labels
Clear labels   
bug

   
bug

   
dataloss

   
duplicate

   
enhancement

   
feature request

   
help wanted

   
invalid

   
need info

   
performance

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
testing
No labels
bug
bug
dataloss
duplicate
enhancement
feature request
help wanted
invalid
need info
performance
pull-request
question
question
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/s3fs-fuse#362
No description provided.