使用 S3FS 挂载存储桶不适用于非 root 用户

Question

我正在尝试使用 s3fs 作为默认由 Exoscale 创建的 ubuntu 用户将 Exoscale 存储桶安装到运行 Ubuntu 20.04 的 Exoscale VM。在阅读了 s3fs README 和一些在线教程之后，我做了什么。

# install s3fs
sudo apt-get install -y s3fs

# create a password file with the right permissions
echo API-KEY:API-SECRET > /home/ubuntu/.passwd-s3fs
chmod 600 /home/ubuntu/.passwd-s3fs

# mount the bucket
sudo mkdir /home/ubuntu/bucket
sudo s3fs test-bucket /home/ubuntu/bucket -o passwd_file=${HOME}/.passwd-s3fs -o url=https://sos-bg-sof-1.exo.io

该命令不输出任何内容。 如果我尝试查看我获得的目录的权限

$ ls -l
ls: cannot access 'bucket': Permission denied
total 0
d????????? ? ? ? ?            ? bucket

如果我尝试在启用调试输出的情况下运行它，我会得到

sudo s3fs test-bucket /home/ubuntu/bucket -o passwd_file=${HOME}/.passwd-s3fs -o url=https://sos-bg-sof-1.exo.io -o dbglevel=info -f -o curldbg
[CRT] s3fs.cpp:set_s3fs_log_level(297): change debug level from [CRT] to [INF]
[INF]     s3fs.cpp:set_mountpoint_attribute(4400): PROC(uid=0, gid=0) - MountPoint(uid=1000, gid=1000, mode=40775)
[INF] s3fs.cpp:s3fs_init(3493): init v1.86(commit:unknown) with GnuTLS(gcrypt)
[INF] s3fs.cpp:s3fs_check_service(3828): check services.
[INF]       curl.cpp:CheckBucket(3413): check a bucket.
[INF]       curl.cpp:prepare_url(4703): URL is https://sos-bg-sof-1.exo.io/test-bucket/
[INF]       curl.cpp:prepare_url(4736): URL changed is https://test-bucket.sos-bg-sof-1.exo.io/
[INF]       curl.cpp:insertV4Headers(2753): computing signature [GET] [/] [] []
[INF]       curl.cpp:url_to_host(99): url is https://sos-bg-sof-1.exo.io
*   Trying 194.182.177.119:443...
* TCP_NODELAY set
* Connected to test-bucket.sos-bg-sof-1.exo.io (194.182.177.119) port 443 (#0)
* found 414 certificates in /etc/ssl/certs
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: *.sos-bg-sof-1.exo.io (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: OU=Domain Control Validated,OU=Gandi Standard Wildcard SSL,CN=*.sos-bg-sof-1.exo.io
*    start date: Mon, 22 Apr 2019 00:00:00 GMT
*    expire date: Thu, 22 Apr 2021 23:59:59 GMT
*    issuer: C=FR,ST=Paris,L=Paris,O=Gandi,CN=Gandi Standard SSL CA 2
> GET / HTTP/1.1
Host: test-bucket.sos-bg-sof-1.exo.io
User-Agent: s3fs/1.86 (commit hash unknown; GnuTLS(gcrypt))
Accept: */*
Authorization: AWS4-HMAC-SHA256 Credential=EXO6ff92566c0d6283678d65a81/20201209/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=22c63079ecfa9bf2f36f1da8e39835172bb1ce3cc59d62484cc0377c854571d4
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date: 20201209T141053Z

* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< server: nginx
< date: Wed, 09 Dec 2020 14:10:53 GMT
< content-type: application/xml
< content-length: 262
< vary: Accept-Encoding
< x-amz-bucket-region: bg-sof-1
< x-amz-request-id: 8536e881-5897-4843-b20e-891f734ccb2a
< x-amzn-requestid: 8536e881-5897-4843-b20e-891f734ccb2a
< x-amz-id-2: 8536e881-5897-4843-b20e-891f734ccb2a
<
* Connection #0 to host ubuntu-bucket-production-120920.sos-bg-sof-1.exo.io left intact
[INF]       curl.cpp:RequestPerform(2416): HTTP response code 200
[INF] curl.cpp:ReturnHandler(318): Pool full: destroy the oldest handler

不会输出任何明显的错误。

我在这里遗漏了什么吗？ .

执行与root 相同的操作按预期工作。但是，我打算禁用 root 访问，所以我需要让它以ubuntu 工作。

Answer 1

为了使它工作，我必须添加以下选项：

sudo s3fs test-bucket /home/ubuntu/bucket -o passwd_file=${HOME}/.passwd-s3fs -o url=https://sos-bg-sof-1.exo.io -ouid=1000,gid=1000,allow_other,mp_umask=002

希望这对其他人有帮助。