-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NC | NSFS | Restrict path
and new_bucket_path
Values
#8177
Comments
@shirady This only happens because you use |
@romayalon @shirady Same reason as we protect it for things inside a bucket - to avoid exposing sensitive data from the system. For example what if someone managed to set the bucket path to |
@guymguym, I don't understand what is the exact difference if this link is a symlink or an absolute path in which we protect it? Currently, as I understand it what blocks a output (omitting details of
|
path
and new_bucket_path
Values
I changed the title of the issue to match what I wrote in the commented above, and so we will define it and solve it. |
Environment info
Actual behavior
(Originally it was with the title "Check Bucket Boundaries Fails Upload an Object")
Note: the origin of the error as will be described below is in the check bucket boundaries - it is relevant for more operations (listing objects in a bucket, etc.).
Expected behavior
Steps to reproduce
sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /tmp/nsfs_root1 --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
.Note: Before creating the account need to give permission to the new_buckets_path:
chmod 777 /tmp/nsfs_root1
.sudo node src/cmd/nsfs --debug 5
alias s3-nc-user-1='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443'
.s3-nc-user-1 s3 mb s3://shira-1001-bucket-1
.touch hello_world.txt
and thens3-nc-user-1 s3 cp hello_world.txt s3://shira-1001-bucket-1
, see the error:Note: after changing this line in the config:
config.NSFS_CHECK_BUCKET_BOUNDARIES = false; // SDSD
and restarting the server (ctrl + c and rerunsudo node src/cmd/nsfs --debug 5
) we do not have an error:s3-nc-user-1 s3 ls s3://shira-1001-bucket-1/
2024-07-02 13:32:07 0 hello_world.txt
More information - Screenshots / Logs / Other output
Logs from the server:
The text was updated successfully, but these errors were encountered: