s3fs: credentials file /etc/passwd-s3fs should not have others permissions

xiongxu / s3fs

Automatically exported from code.google.com/p/s3fs

GNU General Public License v2.0

0 stars 0 forks source link

s3fs: credentials file /etc/passwd-s3fs should not have others permissions #127

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?

When I try and mount the s3fs by doing: /usr/bin/s3fs bucket /mnt/s3/

What is the expected output? What do you see instead?

Instead of a successful mount I receive the following error:

s3fs: credentials file /etc/passwd-s3fs should not have others permissions

What version of the product are you using? On what operating system?

I was using s3fs-1.16 r256 on CentOS 4.4

Please provide any additional information below.

My /etc/passwd-s3fs is using the correct format accessKeyId:secretAccessKey

I decided to use an older version, s3fs-1.10 and everything worked perfectly.

Original issue reported on code.google.com by pettijoh...@gmail.com on 24 Nov 2010 at 10:28

GoogleCodeExporter commented 9 years ago

We added a feature which prevents s3fs from running if the permissions file has 
permissions that are too lax. This is for the user's protection -- you wouldn't 
want your AWS credentials to be stolen :) Unfortunately it looks like that 
feature is being overzealous -- we should probably allow 640 for 
/etc/passwd-s3fs, and only 600 for ~/.passwd-s3fs

The solution is just to run:
cp /etc/passwd-s3fs ~/.passwd-s3fs
chmod 600 ~/.passwd-s3fs

Original comment by apetresc on 24 Nov 2010 at 10:32

GoogleCodeExporter commented 9 years ago

Haha well that makes sense. Thanks a lot for the quick response!

Original comment by pettijoh...@gmail.com on 24 Nov 2010 at 10:41

GoogleCodeExporter commented 9 years ago

Adrian, I think that I got this correct. The error message said "others" 
permission on /etc/passwd-s3fs (not group).  Unfortunately, John didn't give us 
a long listing of /etc/passwd-s3fs to verify this, but I suspect that it had 
others read permission.

Original comment by dmoore4...@gmail.com on 24 Nov 2010 at 10:53

GoogleCodeExporter commented 9 years ago

Whoops, my bad! So a:

chmod 640 /etc/passwd-s3fs

should do the trick too.

Original comment by apetresc on 24 Nov 2010 at 10:56

GoogleCodeExporter commented 9 years ago

-rw-r--r--  1 root root 62 Nov 26  2010 /etc/passwd-s3fs

Original comment by pettijoh...@gmail.com on 24 Nov 2010 at 10:57

GoogleCodeExporter commented 9 years ago

So that confirms what Dan was saying. 640 is okay, 644 is not.

Original comment by apetresc on 24 Nov 2010 at 11:09

GoogleCodeExporter commented 9 years ago

This issue was closed by revision r266.

Original comment by dmoore4...@gmail.com on 24 Nov 2010 at 11:15

Changed state: Fixed

GoogleCodeExporter commented 9 years ago

Hi,

I just get this issue with latest version (1.63 - r390)
When try to set 640, it works.

Original comment by must...@lettoblog.com on 3 Mar 2013 at 1:21