Permission errors using gcsfuse as nonroot user on google compute instance

Tags: fuse, gcsfuse, google-cloud-platform, google-cloud-storage

We are currently trying to demo the Google Cloud Platform for some workloads that require lots of storage. We are trying to use Google Cloud Storage but are having problems mounting the buckets using gcsfuse. I am currently able to mount my test bucket as the root user (with the allow_other option set) but nonroot users only have read access.

Things I have tried and checked:

  • setting the mount point to 777. Perms are overwritten when the bucket is mounted.
  • the user shown in gcloud config list | grep account has been given owner access for this bucket
  • the VM that I'm testing on has full API access to all Google Cloud Services

Here is the console output – Catting and touching animal.txt to update the time stamp.

[root@vm-00 cloud]# grep bucket /etc/fstab
test_bucket_00 /data/cloud/tb-00 gcsfuse  rw,allow_other
[root@vm-00 cloud]# mount tb-00
Calling gcsfuse with arguments: -o rw -o allow_other test_bucket_00 /data/cloud/tb-00
Using mount point: /data/cloud/tb-00
Opening GCS connection...
Opening bucket...
Mounting file system...
File system has been successfully mounted.
[root@vm-00 cloud]# mount | grep bucket
test_bucket_00 on /data/cloud/tb-00 type fuse (rw,nosuid,nodev,allow_other,default_permissions)
[root@vm-00 cloud]# ls -lh /data/cloud/tb-00/animal.txt ; date ; touch /data/cloud/tb-00/animal.txt ; ls -lh /data/cloud/tb-00/animal.txt 
-rw-r--r--. 1 root root 20 Jan 21 00:24 /data/cloud/tb-00/animal.txt
Thu Jan 21 00:25:37 UTC 2016
-rw-r--r--. 1 root root 20 Jan 21 00:25 /data/cloud/tb-00/animal.txt
[root@vm-00 cloud]# cat /data/cloud/tb-00/animal.txt
ants bats cats dogs
[root@vm-00 cloud]# ls -lh /data/cloud
total 4.0K
drwxr-xr-x. 1 root root    0 Jan 21 00:25 tb-00
[root@vm-00 cloud]# chmod 777 /data/cloud/tb-00
[root@vm-00 cloud]# ls -lh /data/cloud
total 4.0K
drwxr-xr-x. 1 root root    0 Jan 21 00:25 tb-00
[root@vm-00 cloud]# gcloud config list
Your active configuration is: [NONE]
[core]
account = REDACTED1234-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = testing1-1148
[root@vm-00 cloud]#

And now, as a nonroot user, I am able to see the contents of animal.txt but I can't touch the file or create a new file in that directory:

[testuser@vm-00 ~]$ cat /data/cloud/tb-00/animal.txt
ants bats cats dogs
[testuser@vm-00 ~]$ touch /data/cloud/tb-00/mineral.txt
touch: cannot touch `/data/cloud/tb-00/mineral.txt': Permission denied
[testuser@vm-00 ~]$ gcloud config list
Your active configuration is: [NONE]
[core]
account = REDACTED1234-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = testing1-1148

Is gcsfuse the right way to go about this or is there a better solution for mounting a Google Cloud Storage bucket available on a systemwide level? I know the docs say not to mount the bucket as root but I didn't see anything that explained why it's bad. I tried to mount as a nonroot user but I got a permission issue, even after the user was added to the fuse group. I'm not sure if that's related to my problem but I would love to dig into that once I get this working.

Best Answer

644 and 755 are the default permissions for all file and directory inodes in a gcsfuse file system. You can use the --file-mode and --dir-mode flags to control them. See here for documentation.
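
An added example, not part of the original answer: a shell model of the owner/group/other check applied under the default_permissions option visible in the question's mount output. It shows why testuser can read animal.txt but cannot create mineral.txt with the default 755/644 modes, and how other modes change that. The uid/gid numbers are constructed, and the shared-group case assumes the inodes are owned by a group testuser belongs to (gcsfuse's --gid flag, which the thread does not mention).

```shell
#!/bin/sh
# Added example (not from the original thread). Models the owner/group/other
# mode-bit check applied under the default_permissions mount option.
# uid/gid values are constructed; root's permission bypass is not modelled.

# effective_perms MODE OWNER_UID OWNER_GID CALLER_UID "CALLER_GIDS"
# Prints the rwx triplet that applies to the caller, e.g. "r-x".
effective_perms() {
    bits=$(( 0$1 ))            # leading 0: parse MODE as octal
    shift_by=0                 # default: "other" class
    if [ "$4" -eq "$2" ]; then
        shift_by=6             # caller owns the inode
    else
        for g in $5; do
            if [ "$g" -eq "$3" ]; then shift_by=3; fi   # group class
        done
    fi
    t=$(( (bits >> shift_by) & 7 ))
    out=""
    for pair in 4:r 2:w 1:x; do
        if [ $(( t & ${pair%%:*} )) -ne 0 ]; then
            out="$out${pair##*:}"
        else
            out="$out-"
        fi
    done
    printf '%s\n' "$out"
}

# can_create DIR_MODE ...: creating a file needs w and x on the directory.
can_create() {
    case $(effective_perms "$@") in
        ?wx) return 0 ;;
        *)   return 1 ;;
    esac
}

# report LABEL DIR_MODE OWNER_UID OWNER_GID CALLER_UID "CALLER_GIDS"
report() {
    label=$1; shift
    if can_create "$@"; then verdict="can create files"; else verdict="Permission denied"; fi
    printf '%-34s caller gets %s -> %s\n' "$label" "$(effective_perms "$@")" "$verdict"
}

report "default 755, root:root, testuser" 755 0 0 1000 "1000"
report "--dir-mode 777, testuser"         777 0 0 1000 "1000"
report "775 + shared group 2000, member"  775 0 2000 1000 "1000 2000"
report "775 + shared group 2000, other"   775 0 2000 1001 "1001"
```

With root owning every inode, a nonroot user falls into the "other" class, so only the last octal digit of --file-mode and --dir-mode decides what that user can do.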
