- Newest
- Most votes
- Most comments
Hello,
Thank you for reaching out.
Kindly note, when importing objects from S3 that don't have POSIX permissions configured in the user-defined metadata[1][2], the default POSIX permission that FSx for Lustre assigns to a file is 755. This permission allows read and execute access for all users and write access for the owner of the file. Please see the FSx for Lustre user guide[3] used as reference
To ensure that your ubuntu user has access to files directly upload to S3, you need to ensure the files are uploaded using at least the following user-defined metadata
x-amz-meta-file-permissions
- The file type and permissions in the format <octal file type><octal permission mask>, consistent with st_mode in the Linux stat(2) man page https://man7.org/linux/man-pages/man2/lstat.2.html . Please
x-amz-meta-file-owner
– The owner user ID (UID) expressed as an integer.
x-amz-meta-file-group
– The group ID (GID) expressed as an integer.
EXAMPLE:
x-amz-meta-file-permissions : 0100775
x-amz-meta-file-owner : 1001
x-amz-meta-file-group : 1001
This permission allows read and execute access for OTHER users, and read,write & execute access for the owner with UID 1001 & group with GID 1001 the file is associated with. "010" octal file type in x-amz-meta-file-permissions stands for a regular file, please see link [3] & [5] and 0775 represents the octal permission mask
REFERENCE
[1] User-defined object metadata - https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingMetadata.html#UserMetadata
[2] Editing object metadata in the Amazon S3 console - https://docs.aws.amazon.com/AmazonS3/latest/userguide/add-object-metadata.html
[3] POSIX metadata support for data repositories - https://docs.aws.amazon.com/fsx/latest/LustreGuide/posix-metadata-support.html
[4] https://codegolf.stackexchange.com/questions/220255/filetype-color-codes
Relevant content
- Accepted Answerasked a year ago
- asked 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 months ago
Hi Anganam,
Thank you for your thorough reply! Indeed manually setting the x-amz-meta-file-permissions solves the problem however I was hoping to find a solution that does not rely on many users to remember to set the correct metadata. I was hoping there was a solution that is more automated or where a default can be set. From what I have read it is not possible to set default metadata for all objects entering a s3 bucket. Creating a lambda function that takes s3 events and corrects the metadata would be an option albeit a not a very efficient one. I thought the default POSIX ACLs set on the FSx mount would work. They do but are overwritten by the default 0755 permissions mask. Ideally there would be a way to make it work with ACLs like a real filesystem.