[GH-ISSUE #966] Access to a non public bucket. #538

Open
opened 2026-03-04 01:46:29 +03:00 by kerem · 3 comments
Owner

Originally created by @SirkoMann9 on GitHub (Feb 27, 2019).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/966

Version of s3fs being used (s3fs --version)

Amazon Simple Storage Service File System V1.79(commit:unknown) with GnuTLS(gcrypt)

Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse)

Version: 2.9.4-1ubuntu3.1

Kernel information (uname -r)

4.4.0-1075-aws

GNU/Linux Distribution, if applicable (cat /etc/os-release)

NAME="Ubuntu"
VERSION="16.04.6 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.6 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

s3fs command line used, if applicable

s3fs bucket-name local-mount-point -ouse_cache=/tmp -d -o dbglevel=info -o curldbg

s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)

Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Ignoring the response-body
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connection #0 to host s3fs-ec2.s3.amazonaws.com left intact
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Issue another request to this URL: 'http://s3fs-ec2.s3-us-west-2.amazonaws.com/'
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Hostname s3fs-ec2.s3-us-west-2.amazonaws.com was found in DNS cache
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: *   Trying 52.218.204.81...
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connected to s3fs-ec2.s3-us-west-2.amazonaws.com (52.218.204.81) port 80 (#1)
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: > GET / HTTP/1.1#015#012Host: s3fs-ec2.s3-us-west-2.amazonaws.com#015#012Accept: */*#015#012Date: Wed, 27 Feb 2019 20:55:59 GMT
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < HTTP/1.1 403 Forbidden
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-bucket-region: us-west-2
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-request-id: 6E07C8F64DBCBFFF
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-id-2: +hDTpncjH6WvlnOC4V+GJl6m3IGFaqjA8EAcmCWikSTCcpz5mhz1lyTEYsXffDXjEt6vi7BEWVY=
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Content-Type: application/xml
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Transfer-Encoding: chunked
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Date: Wed, 27 Feb 2019 20:55:58 GMT
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Server: AmazonS3
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: <
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connection #1 to host s3fs-ec2.s3-us-west-2.amazonaws.com left intact
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]:       HTTP response code 403 was returned, returning EPERM
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: CheckBucket(2675): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6E07C8F64DBCBFFF</RequestId><HostId>+hDTpncjH6WvlnOC4V+GJl6m3IGFaqjA8EAcmCWikSTCcpz5mhz1lyTEYsXffDXjEt6vi7BEWVY=</HostId></Error>
Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: s3fs_check_service(3707): invalid credentials - result of checking service.

Details about issue

Looks like it dont like my credentials, but when I use them with aws-cli they are working well. I tried to change the permissions on the bucket to public and it's working. I do need it for a non public bucket. Is this possible?

Originally created by @SirkoMann9 on GitHub (Feb 27, 2019). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/966 #### Version of s3fs being used (s3fs --version) Amazon Simple Storage Service File System V1.79(commit:unknown) with GnuTLS(gcrypt) #### Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse) Version: 2.9.4-1ubuntu3.1 #### Kernel information (uname -r) 4.4.0-1075-aws #### GNU/Linux Distribution, if applicable (cat /etc/os-release) NAME="Ubuntu" VERSION="16.04.6 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.6 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial #### s3fs command line used, if applicable s3fs bucket-name local-mount-point -ouse_cache=/tmp -d -o dbglevel=info -o curldbg #### s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs) ``` Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Ignoring the response-body Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connection #0 to host s3fs-ec2.s3.amazonaws.com left intact Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Issue another request to this URL: 'http://s3fs-ec2.s3-us-west-2.amazonaws.com/' Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Hostname s3fs-ec2.s3-us-west-2.amazonaws.com was found in DNS cache Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Trying 52.218.204.81... Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connected to s3fs-ec2.s3-us-west-2.amazonaws.com (52.218.204.81) port 80 (#1) Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: > GET / HTTP/1.1#015#012Host: s3fs-ec2.s3-us-west-2.amazonaws.com#015#012Accept: */*#015#012Date: Wed, 27 Feb 2019 20:55:59 GMT Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < HTTP/1.1 403 Forbidden Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-bucket-region: us-west-2 Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-request-id: 6E07C8F64DBCBFFF Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < x-amz-id-2: +hDTpncjH6WvlnOC4V+GJl6m3IGFaqjA8EAcmCWikSTCcpz5mhz1lyTEYsXffDXjEt6vi7BEWVY= Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Content-Type: application/xml Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Transfer-Encoding: chunked Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Date: Wed, 27 Feb 2019 20:55:58 GMT Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Server: AmazonS3 Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: < Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: * Connection #1 to host s3fs-ec2.s3-us-west-2.amazonaws.com left intact Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: HTTP response code 403 was returned, returning EPERM Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: CheckBucket(2675): Check bucket failed, S3 response: <?xml version="1.0" encoding="UTF-8"?>#012<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6E07C8F64DBCBFFF</RequestId><HostId>+hDTpncjH6WvlnOC4V+GJl6m3IGFaqjA8EAcmCWikSTCcpz5mhz1lyTEYsXffDXjEt6vi7BEWVY=</HostId></Error> Feb 27 20:55:59 ip-172-31-27-203 s3fs[2673]: s3fs_check_service(3707): invalid credentials - result of checking service. ``` ### Details about issue Looks like it dont like my credentials, but when I use them with aws-cli they are working well. I tried to change the permissions on the bucket to public and it's working. I do need it for a non public bucket. Is this possible?
Author
Owner

@ahkok commented on GitHub (Mar 1, 2019):

"metoo"

Amazon Simple Storage Service File System V1.84(commit:unknown) with OpenSSL (Clear Linux OS)

aws s3 ls shows the bucket I'm requesting. I followed the standard instructions to setup the credentials file.

<!-- gh-comment-id:468781109 --> @ahkok commented on GitHub (Mar 1, 2019): "metoo" `Amazon Simple Storage Service File System V1.84(commit:unknown) with OpenSSL` (Clear Linux OS) `aws s3 ls` shows the bucket I'm requesting. I followed the standard instructions to setup the credentials file.
Author
Owner

@gaul commented on GitHub (Apr 9, 2019):

@SirkoMann9 Can you test with the latest 1.85? 1.79 is three years old and newer versions resolve many issues.

<!-- gh-comment-id:481179101 --> @gaul commented on GitHub (Apr 9, 2019): @SirkoMann9 Can you test with the latest 1.85? 1.79 is three years old and newer versions resolve many issues.
Author
Owner

@ramseydsilva commented on GitHub (Apr 25, 2019):

I am getting the same 403 error when mounting a newly created non-public bucket from a ec2 instance in a region different from my s3 bucket (with version 1.85). It seems to work after a few hours.

<!-- gh-comment-id:486835477 --> @ramseydsilva commented on GitHub (Apr 25, 2019): I am getting the same 403 error when mounting a newly created non-public bucket from a ec2 instance in a region different from my s3 bucket (with version 1.85). It seems to work after a few hours.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/s3fs-fuse#538
No description provided.