11

We are currently trying to demo the Google Cloud Platform for some workloads that require lots of storage. We are trying to use Google Cloud Storage but are having problems mounting the buckets using gcsfuse. I am currently able to mount my test bucket as the root user (with the allow_other option set), but nonroot users only have read access.

Things I have tried and checked:

  • setting the mount point to 777. Perms are overwritten when the bucket is mounted.
  • the user shown in gcloud config list | grep account has been given owner access for this bucket
  • the VM that I'm testing on has full API access to all Google Cloud Services

Here is the console output - Catting and touching animal.txt to update the time stamp.

```
[root@vm-00 cloud]# grep bucket /etc/fstab
test_bucket_00 /data/cloud/tb-00 gcsfuse  rw,allow_other
[root@vm-00 cloud]# mount tb-00
Calling gcsfuse with arguments: -o rw -o allow_other test_bucket_00 /data/cloud/tb-00
Using mount point: /data/cloud/tb-00
Opening GCS connection...
Opening bucket...
Mounting file system...
File system has been successfully mounted.
[root@vm-00 cloud]# mount | grep bucket
test_bucket_00 on /data/cloud/tb-00 type fuse (rw,nosuid,nodev,allow_other,default_permissions)
[root@vm-00 cloud]# ls -lh /data/cloud/tb-00/animal.txt ; date ; touch /data/cloud/tb-00/animal.txt ; ls -lh /data/cloud/tb-00/animal.txt
-rw-r--r--. 1 root root 20 Jan 21 00:24 /data/cloud/tb-00/animal.txt
Thu Jan 21 00:25:37 UTC 2016
-rw-r--r--. 1 root root 20 Jan 21 00:25 /data/cloud/tb-00/animal.txt
[root@vm-00 cloud]# cat /data/cloud/tb-00/animal.txt
ants bats cats dogs
[root@vm-00 cloud]# ls -lh /data/cloud
total 4.0K
drwxr-xr-x. 1 root root    0 Jan 21 00:25 tb-00
[root@vm-00 cloud]# chmod 777 /data/cloud/tb-00
[root@vm-00 cloud]# ls -lh /data/cloud
total 4.0K
drwxr-xr-x. 1 root root    0 Jan 21 00:25 tb-00
[root@vm-00 cloud]# gcloud config list
Your active configuration is: [NONE]
[core]
account = REDACTED1234-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = testing1-1148
[root@vm-00 cloud]#
```

And now, as a nonroot user, I am able to see the contents of animal.txt but I can't touch the file or create a new file in that directory:

```
[testuser@vm-00 ~]$ cat /data/cloud/tb-00/animal.txt
ants bats cats dogs
[testuser@vm-00 ~]$ touch /data/cloud/tb-00/mineral.txt
touch: cannot touch `/data/cloud/tb-00/mineral.txt': Permission denied
[testuser@vm-00 ~]$ gcloud config list
Your active configuration is: [NONE]
[core]
account = REDACTED1234-compute@developer.gserviceaccount.com
disable_usage_reporting = True
project = testing1-1148
```

Is gcsfuse the right way to go about this, or is there a better solution for mounting a Google Cloud Storage bucket available on a systemwide level? I know the docs say not to mount the bucket as root but I didn't see anything that explained why it's bad. I tried to mount as a nonroot user but I got a permission issue, even after the user was added to the fuse group. I'm not sure if that's related to my problem but I would love to dig into that once I get this working.

echdee

2 Answers

10

644 and 755 are the default permissions for all file and directory inodes in a gcsfuse file system. You can use the --file-mode and --dir-mode flags to control them. See here for documentation.

jacobsa
  • Thank you very much, I can't believe I missed that. So I'm now able to get the results I want using `gcsfuse -o allow_other -file-mode=777 -dir-mode=777 test_bucket_00 /data/cloud/tb-00` but I'm having trouble with the fstab entry. dir-mode and file-mode seem to be options that are handled differently than the regular fstab options. `test_bucket_00 /data/cloud/tb-00 gcsfuse rw,allow_other,file-mode=777,dir-mode=777` attempts to call gcsfuse in the following manner: `Calling gcsfuse with arguments: -o allow_other -o file-mode=777 -o dir-mode=777 -o rw test_bucket_00 /data/cloud/tb-00` – echdee Jan 21 '16 at 18:41
  • Could you please [file an issue](https://github.com/GoogleCloudPlatform/gcsfuse/issues) for that? – jacobsa Jan 21 '16 at 22:31
  • that document makes absolutely nothing clear – ekkis Sep 02 '22 at 06:18
4

To create the fstab entry using echdee's example, specify the gcsfuse dir-mode and file-mode attributes with underscores:

```
test_bucket_00 /data/cloud/tb-00 gcsfuse rw,allow_other,file_mode=777,dir_mode=777
```

https://github.com/GoogleCloudPlatform/gcsfuse/blob/master/docs/mounting.md
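
As an added example (not part of either answer and not gcsfuse's own code), this script audits fstab-format lines for gcsfuse entries where `allow_other` is combined with modes that give every local user write access, as the `777` entry above does. The sample input is constructed: its first two entries are fstab lines from this page, and the third assumes a hypothetical mount point `tb-01`, a hypothetical group id `1001`, and gcsfuse's `gid` option.

```shell
#!/bin/sh
# Added example: flag gcsfuse fstab entries that are writable by all local users.

# Constructed sample input. The first two entries are fstab lines quoted on
# this page; the third is a hypothetical group-scoped alternative.
sample_fstab() {
cat <<'EOF'
# <bucket> <mount point> <type> <options>
test_bucket_00 /data/cloud/tb-00 gcsfuse rw,allow_other
test_bucket_00 /data/cloud/tb-00 gcsfuse rw,allow_other,file_mode=777,dir_mode=777
test_bucket_00 /data/cloud/tb-01 gcsfuse rw,allow_other,gid=1001,file_mode=664,dir_mode=775
/dev/sda1 / ext4 defaults 0 1
EOF
}

# Reads fstab lines on stdin and prints, for each gcsfuse entry:
#   <mount point> file_mode=<m> dir_mode=<m> <verdict>
audit_gcsfuse_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 || $3 != "gcsfuse" { next }
    {
        allow = 0
        fmode = "644"; dmode = "755"   # gcsfuse defaults, per the first answer
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "allow_other")     allow = 1
            else if (opt[i] ~ /^file_mode=/) fmode = substr(opt[i], 11)
            else if (opt[i] ~ /^dir_mode=/)  dmode = substr(opt[i], 10)
        }
        # "Other" has write permission when the last octal digit is 2, 3, 6 or 7.
        fw = (substr(fmode, length(fmode)) ~ /[2367]/)
        dw = (substr(dmode, length(dmode)) ~ /[2367]/)
        if (!allow)        verdict = "mounting-user-only"
        else if (fw || dw) verdict = "WORLD-WRITABLE"
        else               verdict = "shared-no-world-write"
        printf "%s file_mode=%s dir_mode=%s %s\n", $2, fmode, dmode, verdict
    }'
}

sample_fstab | audit_gcsfuse_fstab
```

gcsfuse reaches the bucket with the credentials of the mounting account, so a `WORLD-WRITABLE` verdict means any local account can modify bucket objects through the mount.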