Hi folks, i'm trying to mount a gs bucket on an Ubuntu 14.04 server. The intent is to use it to have a cold-standby availability for a piece of php software that we don't fully control, and as such cannot modify for… a better availability model :)
I have created a dedicated cached dir for the application, owned by the application service user (the service being php-fpm) igalic@p3app01 ~> sudo -H ls -lahrt /srv/web/.s3ql_acme/ total 96K -r-------- 1 acme.at www-data 184 Jän 21 15:16 authinfo2 drwxr-xr-x 6 root root 4,0K Jän 22 14:37 .. -rw-r--r-- 1 acme.at www-data 0 Jän 22 14:48 mount.s3ql_crit.log drwxr-xr-x 2 acme.at www-data 4,0K Jän 22 15:15 gs:=2F=2Fgitbucket=2Facme-cache.bak0 drwxr-xr-x 2 acme.at www-data 4,0K Jän 22 15:17 gs:=2F=2Fgitbucket=2Facme-cache.bak1 drwxr-xr-x 2 acme.at www-data 4,0K Jän 22 15:19 gs:=2F=2Fgitbucket=2Facme-cache.bak2 -rw------- 1 acme.at www-data 64K Jän 22 15:56 gs:=2F=2Fgitbucket=2Facme.db drwxr-xr-x 2 acme.at www-data 4,0K Jän 22 15:56 gs:=2F=2Fgitbucket=2Facme-cache drwxr-x--- 6 acme.at www-data 4,0K Jän 22 15:56 . -rw-r--r-- 1 acme.at www-data 191 Jän 22 15:56 gs:=2F=2Fgitbucket=2Facme.params here's the authinfo2 file: [gs] storage-url = gs://gitbucket/acme backend-login = oauth2 backend-password = 1/very secure authtoken fs-passphrase = very secure password now, when i s3ql.mount the filesystem, everyting *seems* fine: igalic@p3app01 ~> mount | grep s3ql gs://gitbucket/acme on /srv/web/acme.at type fuse.s3ql (rw,nosuid,nodev,allow_other,default_permissions,user=acme.at) however, any attempt to access the mountpoint requires root, or the acme.at user: igalic@p3app01 ~> ls -lahrt /srv/web/ ls: /srv/web/acme.at: Permission denied total 16K drwxr-xr-x 4 root root 4,0K Jän 20 14:03 .. drwxr-xr-x 1 acme.at www-data 0 Jän 21 12:59 acme.at drwxr-xr-x 6 root root 4,0K Jän 22 14:37 . drwxr-x--- 6 acme.at www-data 4,0K Jän 22 15:56 .s3ql_acme igalic@p3app01 ~> sudo -H ls -lahrt /srv/web/ total 16K drwxr-xr-x 4 root root 4,0K Jän 20 14:03 .. drwxr-xr-x 1 acme.at www-data 0 Jän 21 12:59 acme.at drwxr-xr-x 6 root root 4,0K Jän 22 14:37 . drwxr-x--- 6 acme.at www-data 4,0K Jän 22 15:56 .s3ql_acme but more importantly: igalic@p3app01 ~> sudo -H -u www-data -g www-data ls -lahrt /srv/web/ ls: /srv/web/acme.at: Permission denied total 16K drwxr-xr-x 4 root root 4,0K Jän 20 14:03 .. drwxr-xr-x 1 acme.at www-data 0 Jän 21 12:59 acme.at drwxr-xr-x 6 root root 4,0K Jän 22 14:37 . drwxr-x--- 6 acme.at www-data 4,0K Jän 22 15:56 .s3ql_acme stracing the process simply shows EACCESS on /srv/web/acme.at /var/log/* has absolutely nothing to say about any of this. Selinux is disabled. There are no extended ACLs or other attributes set. the only hint at something being slightly out of the ordinary comes from lsattr complaining about igalic@p3app01 ~> sudo -H lsattr /srv/web/acme.at lsattr: Inappropriate ioctl for device While reading flags on /srv/web/acme.at/lost+found but that seems rather sensible, given that this isn't an ~ordinary~ filesystem we're dealing with. In summary: mount.s3ql works fine, but seems unusable to anyone other than root, or the mounting user, despite --allow-other. That's all i have for now, I'm happy to keep digging. o/~ i -- You received this message because you are subscribed to the Google Groups "s3ql" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
