[GH-ISSUE #828] unable to put object after turning on the encryption on the s3 bucket #482

New issue

Closed

opened 2026-03-04 01:46:00 +03:00 by kerem · 2 comments

kerem commented

2026-03-04 01:46:00 +03:00

Owner

Originally created by @antonytphilip on GitHub (Sep 24, 2018).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/828

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.

Version of s3fs being used (s3fs --version)

example: 1.00
Amazon Simple Storage Service File System V1.83(commit:7ba8784) with OpenSSL
Copyright (C) 2010 Randy Rizun rrizun@gmail.com

Version of fuse being used (pkg-config --modversion fuse)

example: 2.9.4
2.9.2

System information (uname -r)

command result: uname -r
3.10.0-862.11.6.el7.x86_64

Distro (cat /etc/issue)

command result: cat /etc/issue
Red Hat Enterprise Linux Server release 7.5 (Maipo)

s3fs command line used (if applicable)

/etc/fstab entry (if applicable):

mybucket  /jmybucketmount fuse.s3fs _netdev,allow_other,use_sse=kmsid:arn:aws:kms:us-east-1:xxxxxxx:key/xxxxxxxxx,url=https://s3.amazonaws.com,iam_role=auto,uid=1001,mp_umask=002,multireq_max=5,nonempty,dbglevel=INFO,curldbg 0 0

s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs)

if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages

```URL is https://s3.amazonaws.com/mybucket/site.sh
URL changed is https://mybucket.s3.amazonaws.com/site.sh
computing signature [PUT] [/site.sh] [] [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
url is https://s3.amazonaws.com
uploading... [path=/site.sh][fd=8][size=0]
* Found bundle for host mybucket.s3.amazonaws.com: 0x7f4d54003290
* Re-using existing connection! (#4) with host http.proxy.fmr.com
* Connected to http.proxy.fmr.com (10.92.2.6) port 8000 (#4)
> PUT /site.sh HTTP/1.1
> User-Agent: s3fs/1.83 (commit hash 7ba8784; OpenSSL)
> Accept: */*
> Authorization: AWS4-HMAC-SHA256 Credential=, SignedHeaders=content-type;host;x-amz-acl;x-amz-content-sha256;x-amz-date;x-amz-meta-gid;x-amz-meta-mode;x-amz-meta-mtime;x-amz-meta-uid;x-amz-security-token;x-amz-server-side-encryption;x-amz-server-side-encryption-aws-kms-key-id, Signature=
> Content-Type: application/x-sh
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > host: mybucket.s3.amazonaws.com
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-acl: private
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-content-sha256: xxxxxxxxxxx
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-date: 20180924T110040Z
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-gid: 0
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-mode: 33188
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-mtime: 1537785294
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-uid: 0
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-security-token: xxxxxxxxxxxxxxxx
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-server-side-encryption: aws:kms
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:xxxxxx:key/xxxxx-xxx-xxxx-xxxxx-xxxxx
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > Content-Length: 0
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > Expect: 100-continue
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: >
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < HTTP/1.1 403 Forbidden
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < x-amz-request-id: xxxx1
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < x-amz-id-2: xxxxGxxxxxx
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Content-Type: application/xml
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Transfer-Encoding: chunked
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Date: Mon, 24 Sep 2018 11:00:39 GMT
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Connection: close
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Server: AmazonS3
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: <
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: * Closing connection 4
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]:      HTTP response code 403 was returned, returning EPERM
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: /tmp/s3fs-fuse/src/s3fs.cpp:s3fs_open(2105): could not upload file(/site.sh): result=-1
Sep 24 07:00:40 XXXXXXXXX s3fs[74728]:      delete stat cache entry[path=/site.sh]
### Details about issue
we are unable to write to the bucket through s3fs mount after turning on the encryption and bucket policy .it works well without encryption and without bucket policy.

Originally created by @antonytphilip on GitHub (Sep 24, 2018). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/828 ### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ #### Version of s3fs being used (s3fs --version) _example: 1.00_ Amazon Simple Storage Service File System V1.83(commit:7ba8784) with OpenSSL Copyright (C) 2010 Randy Rizun <rrizun@gmail.com> #### Version of fuse being used (pkg-config --modversion fuse) _example: 2.9.4_ 2.9.2 #### System information (uname -r) _command result: uname -r_ 3.10.0-862.11.6.el7.x86_64 #### Distro (cat /etc/issue) _command result: cat /etc/issue_ Red Hat Enterprise Linux Server release 7.5 (Maipo) #### s3fs command line used (if applicable) ``` ``` #### /etc/fstab entry (if applicable): ``` mybucket /jmybucketmount fuse.s3fs _netdev,allow_other,use_sse=kmsid:arn:aws:kms:us-east-1:xxxxxxx:key/xxxxxxxxx,url=https://s3.amazonaws.com,iam_role=auto,uid=1001,mp_umask=002,multireq_max=5,nonempty,dbglevel=INFO,curldbg 0 0 ``` #### s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs) _if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages_ ``` ```URL is https://s3.amazonaws.com/mybucket/site.sh URL changed is https://mybucket.s3.amazonaws.com/site.sh computing signature [PUT] [/site.sh] [] [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] url is https://s3.amazonaws.com uploading... [path=/site.sh][fd=8][size=0] * Found bundle for host mybucket.s3.amazonaws.com: 0x7f4d54003290 * Re-using existing connection! (#4) with host http.proxy.fmr.com * Connected to http.proxy.fmr.com (10.92.2.6) port 8000 (#4) > PUT /site.sh HTTP/1.1 > User-Agent: s3fs/1.83 (commit hash 7ba8784; OpenSSL) > Accept: */* > Authorization: AWS4-HMAC-SHA256 Credential=, SignedHeaders=content-type;host;x-amz-acl;x-amz-content-sha256;x-amz-date;x-amz-meta-gid;x-amz-meta-mode;x-amz-meta-mtime;x-amz-meta-uid;x-amz-security-token;x-amz-server-side-encryption;x-amz-server-side-encryption-aws-kms-key-id, Signature= > Content-Type: application/x-sh Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > host: mybucket.s3.amazonaws.com Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-acl: private Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-content-sha256: xxxxxxxxxxx Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-date: 20180924T110040Z Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-gid: 0 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-mode: 33188 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-mtime: 1537785294 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-meta-uid: 0 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-security-token: xxxxxxxxxxxxxxxx Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-server-side-encryption: aws:kms Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:xxxxxx:key/xxxxx-xxx-xxxx-xxxxx-xxxxx Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > Content-Length: 0 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > Expect: 100-continue Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: > Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < HTTP/1.1 403 Forbidden Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < x-amz-request-id: xxxx1 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < x-amz-id-2: xxxxGxxxxxx Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Content-Type: application/xml Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Transfer-Encoding: chunked Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Date: Mon, 24 Sep 2018 11:00:39 GMT Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Connection: close Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Server: AmazonS3 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: < Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: * Closing connection 4 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: HTTP response code 403 was returned, returning EPERM Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: /tmp/s3fs-fuse/src/s3fs.cpp:s3fs_open(2105): could not upload file(/site.sh): result=-1 Sep 24 07:00:40 XXXXXXXXX s3fs[74728]: delete stat cache entry[path=/site.sh] ### Details about issue we are unable to write to the bucket through s3fs mount after turning on the encryption and bucket policy .it works well without encryption and without bucket policy.