mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2026-04-25 05:16:00 +03:00
[GH-ISSUE #1537] no root user unable to access sub directory of mount #809
Labels
No labels
bug
bug
dataloss
duplicate
enhancement
feature request
help wanted
invalid
need info
performance
pull-request
question
question
testing
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/s3fs-fuse#809
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @DBAShand on GitHub (Jan 27, 2021).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/1537
Additional Information
The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.
Keep in mind that the commands we provide to retrieve information are oriented to GNU/Linux Distributions, so you could need to use others if you use s3fs on macOS or BSD
Version of s3fs being used (s3fs --version)
V1.88
Version of fuse being used (pkg-config --modversion fuse, rpm -qi fuse, dpkg -s fuse)
2.9.2
Name : fuse
Version : 2.9.2
Release : 11.amzn2
Architecture: x86_64
Install Date: Mon 25 Jan 2021 10:33:59 AM EST
Group : System Environment/Base
Size : 222809
License : GPL+
Signature : RSA/SHA256, Thu 06 Dec 2018 02:31:53 PM EST, Key ID 11cf1f95c87f5b1a
Source RPM : fuse-2.9.2-11.amzn2.src.rpm
Build Date : Fri 16 Nov 2018 03:35:39 PM EST
Build Host : build.amazon.com
Relocations : (not relocatable)
Packager : Amazon Linux
Vendor : Amazon Linux
URL : https://github.com/libfuse/libfuse
Summary : File System in Userspace (FUSE) utilities
Description :
With FUSE it is possible to implement a fully functional filesystem in a
userspace program. This package contains the FUSE userspace tools to
mount a FUSE filesystem.
Kernel information (uname -r)
4.14.209-160.339.amzn2.x86_64
GNU/Linux Distribution, if applicable (cat /etc/os-release)
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3⭕amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
s3fs command line used, if applicable
dzdo s3fs argus-database-archive /sqlbackups -o use_cache=/tmp -o allow_other -o uid=1001 -o mp_umask=007 -o multireq_max=5
/etc/fstab entry, if applicable
s3fs syslog messages (grep s3fs /var/log/syslog, journalctl | grep s3fs, or s3fs outputs)
[CRT] s3fs_logger.cpp:LowSetLogLevel(201): change debug level from [CRT] to [INF]
[CRT] s3fs_logger.cpp:LowSetLogLevel(201): change debug level from [INF] to [DBG]
[INF] s3fs.cpp:set_mountpoint_attribute(3994): PROC(uid=0, gid=0) - MountPoint(uid=0, gid=0, mode=40777)
[INF] s3fs_util.cpp:compare_sysname(358): system name is Linux
[WAN] curl.cpp:InitMimeType(406): Could not find mime.types files, you have to create file(/etc/mime.types) or specify mime option for existing mime.types file.
[WAN] s3fs.cpp:main(4887): Missing MIME types prevents setting Content-Type on uploaded objects.
[INF] fdcache_stat.cpp:CheckCacheFileStatTopDir(79): The path to cache top dir is empty, thus not need to check permission.
[INF] s3fs.cpp:s3fs_init(3305): init v1.88(commit:17fda89) with OpenSSL
[INF] s3fs.cpp:s3fs_check_service(3421): check services.
[INF] curl.cpp:CheckBucket(3327): check a bucket.
[DBG] curl_handlerpool.cpp:GetHandler(81): Get handler from pool: rest = 31
[INF] curl_util.cpp:prepare_url(250): URL is https://s3.amazonaws.com/bucketname/
[INF] curl_util.cpp:prepare_url(283): URL changed is https://bucketname.s3.amazonaws.com/
[DBG] curl.cpp:RequestPerform(2234): connecting to URL https://bucketname.s3.amazonaws.com/
[ERR] curl.cpp:insertV4Headers(2599): Failed to make SHA256.
[INF] curl.cpp:insertV4Headers(2603): computing signature [GET] [/] [] []
[INF] curl_util.cpp:url_to_host(327): url is https://s3.amazonaws.com
[CURL DBG] * Trying ip.address...
[CURL DBG] * TCP_NODELAY set
[CURL DBG] * Connected to bucketname.s3.amazonaws.com (ip.address) port 443 (#0)
[CURL DBG] * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
[CURL DBG] * successfully set certificate verify locations:
[CURL DBG] * CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
[CURL DBG] * TLSv1.2 (OUT), TLS header, Certificate Status (22):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Client hello (1):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server hello (2):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Certificate (11):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Server finished (14):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
[CURL DBG] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
[CURL DBG] * TLSv1.2 (OUT), TLS handshake, Finished (20):
[CURL DBG] * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
[CURL DBG] * TLSv1.2 (IN), TLS handshake, Finished (20):
[CURL DBG] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
[CURL DBG] * Server certificate:
[CURL DBG] * subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=.s3.amazonaws.com
[CURL DBG] * start date: Nov 9 00:00:00 2019 GMT
[CURL DBG] * expire date: Mar 12 12:00:00 2021 GMT
[CURL DBG] * subjectAltName: host "bucketname.s3.amazonaws.com" matched cert's ".s3.amazonaws.com"
[CURL DBG] * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
[CURL DBG] * SSL certificate verify ok.
[CURL DBG] > GET / HTTP/1.1
[CURL DBG] > Host: bucketname.s3.amazonaws.com
[CURL DBG] > User-Agent: s3fs/1.88 (commit hash
17fda89; OpenSSL)[CURL DBG] > Accept: /
[CURL DBG] > Authorization: AWS4-HMAC-SHA256 Credential=credentials/20210127/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=3e353397e4101d948c3fa326e6821c3c4755418154907e5c58af3d758c96cfd4
[CURL DBG] > x-amz-content-sha256: changed
[CURL DBG] > x-amz-date: 20210127T130213Z
[CURL DBG] >
[CURL DBG] < HTTP/1.1 200 OK
[CURL DBG] < x-amz-id-2: 59mT2r/changed=
[CURL DBG] < x-amz-request-id: D62733548A2CEEC0
[CURL DBG] < Date: Wed, 27 Jan 2021 13:02:14 GMT
[CURL DBG] < x-amz-bucket-region: us-east-1
[CURL DBG] < Content-Type: application/xml
[CURL DBG] < Transfer-Encoding: chunked
[CURL DBG] < Server: AmazonS3
[CURL DBG] <
[CURL DBG] * Connection #0 to host bucketname.s3.amazonaws.com left intact
[INF] curl.cpp:RequestPerform(2267): HTTP response code 200
[DBG] curl_handlerpool.cpp:ReturnHandler(103): Return handler to pool
[INF] curl_handlerpool.cpp:ReturnHandler(110): Pool full: destroy the oldest handler
[INF] s3fs.cpp:s3fs_getattr(781): [path=/]
[DBG] s3fs.cpp:check_parent_object_access(616): [path=/]
[DBG] s3fs.cpp:check_object_access(510): [path=/]
[DBG] s3fs.cpp:get_object_attribute(363): [path=/]
[DBG] fdcache.cpp:ExistOpen(525): [path=/][fd=-1][ignore_existfd=false]
[DBG] fdcache.cpp:Open(445): [path=/][size=-1][time=-1]
[DBG] s3fs.cpp:s3fs_getattr(804): [path=/] uid=0, gid=0, mode=40777
[INF] s3fs.cpp:s3fs_getattr(781): [path=/]
[DBG] s3fs.cpp:check_parent_object_access(616): [path=/]
We are able to access the mount created to the s3 bucket. When we dzdo/sudo we can access any files in the mount.