Comments (6)
I am not convinced that this is a good idea. As much as I see this as a neat feature, it is not what a user might expect when he issues a chmod on a seemingly local filesystem.
from riofs.
Well, by that logic, one shouldn't expect the S3 file to change when writing to a seemingly local filesystem :) Is there another way to set ACLs at the moment?
from riofs.
No, there is no feature in RioFS to change S3 ACL. RioFS is primarily intended to be used as an interface to S3 for legacy applications that require a POSIX-like filesystem. It is not intended as API alternative to the S3 API as it is a leaky abstraction. Therefore, I think adding features that would surprise legacy applications is not within the scope of RioFS.
from riofs.
Hi forgive me for commenting on a closed issue but I too feel like I need this feature I'm hoping somebody can advise me if I'm missing something...
To clarify: ours is a "legacy application" which is basically a large amount of html and php (along with sym links unfortunately) that we're needing to migrate off of some old servers and onto amazon s3. The way we're headed is everything both the html and the php is getting transferred into s3, with the html getting served directly from s3 while the php is served off ec2 instances that would see the php files as if they're local, thanks to riofs.
In our case all these legacy html and php files do have users/groups/permissons assigned that must be retained (in some fashion) in the new system. e.g. we have different editorial groups that have corresponding unix groups to limit their write permissions to just those files they're responsible for (even though they may have read permissions for most everything else).
Because our content has sym links (which we're hopeful riofs might be enhanced to support like s3fs does), we can't load our content directly into S3. Instead we'll need to load our files via riofs so that it has the opportunity to create the simulated sym link objects in S3. So we'd be copying the files into riofs, untarring files into riofs, using rsync into riofs, etc.
In these cases we'd need the permissions currently on the files to flow through riofs and onto the files ("objects") in S3. i.e. I can't think of any alternative way to getting the permissions correct in S3 unless riofs is trying to set them as it's creating the copied in files?
Am I missing something?
from riofs.
If this feature is requested by RioFS users we could store (and load) files and directories permissions in S3 custom headers. And make this feature optional (disabled by the default).
from riofs.
Thanks Wizzard. I wonder now if I was oversimplifying. I was thinking/hoping we might create our same unix users and groups in S3 and be able to truly have the S3 object permissions one for one (maybe reflected onto the rio cache file permissions?) But maybe it's not so simple.
Update: I just learned things are harder than I'd hoped - it doesn't look like you could easily map unix user/group permissions to S3 ACLs. I guess this is what henningpeters and wizzard understood that was going over my head. Don't mean to flood the issues list but in case it's helpful for others...
Details here:
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#SpecifyingGrantee
Note in particular:
"When using ACLs, a grantee can be an AWS account or one of the predefined Amazon S3 groups. However, the grantee cannot be an Identity and Access Management (IAM) user. "
Where in the above the "predefined Amazon S3 Groups" would not map easily to unix groups (unless people constrained their unix groups to a special set of groups designed to correspond to the amazon "Authenticated Users", "All Users", "Log Delivery" S3 groups?).
And then the AWS account names (at least in my case) would not easily map to our unix users (I was thinking making IAM users corresponding to our unix users might be doable, but creating AWS accounts corresponding to each user doesn't seem doable).
So I guess I understand a little better why riofs can't have simple user/group permission handling but I guess I'm a little confused - are people instead managing their permissions directly through e.g. Amazon AWS Console or Amazon's S3 apis instead of thru riofs?
from riofs.
Related Issues (20)
- How does caching work? Under what conditions can it fail? HOT 2
- build fails with openssl-1.1 ( SSL_library_init symbol not found )
- openssl 1.1 "make" failed HOT 4
- Does riofs support cn-north-1 region? HOT 1
- Latest commits affect stability HOT 6
- riofs and google cloud storage s3 compatibility HOT 3
- possibility to use HTTPS endpoint on different port HOT 2
- [Request] Digital Ocean S3 Spaces HOT 5
- unrecoverable crash HOT 2
- If cache directory is deleted, RioFS is not creating it again unless restart RioFS HOT 1
- Is it possible to use riofs with localstack? HOT 1
- Unable to rename files HOT 2
- Permission Issue in Riofs and Fuse with ???????
- riofs automatically un-mount in server
- RIOFS Auto demount HOT 1
- Is anyone available to do some PAID support? HOT 1
- RioFS cannot mount AWS S3 buckets HOT 4
- it is possible to use riofs with cross account profiles? HOT 1
- stable enough for production use? HOT 3
- Large files performance
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from riofs.