MinIO: Insufficient permissions to access this file

edit
Fork to remote system
raw

0-README.rst

Error with S3-compatible MinIO server:

$ mc cp test-minio-main-readonly/mybucket/hello.txt .
mc: <ERROR> Unable to validate source `test-minio-main-readonly/mybucket/hello.txt`.

$ mc cat test-minio-main-readonly/mybucket/hello.txt .
mc: <ERROR> Unable to read from `test-minio-main-readonly/mybucket/hello.txt`. Insufficient permissions to access this file `http://localhost:9001/mybucket/hello.txt`.

Solution: The policy allowed actions only for the bucket, but not for the files in the bucket.

raw

1-broken-policy.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "readonly",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::mybucket"
        },
        {
            "Sid": "readonly",
            "Effect": "Allow",
            "Action": "s3:HeadBucket",
            "Resource": "arn:aws:s3:::mybucket"
        }
    ]
}
 
raw

2-correct-policy.json

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "readonly",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "readonly",
            "Effect": "Allow",
            "Action": [
                "s3:HeadBucket",
                "s3:ListBucket",
                "s3:GetBucketPolicy"
            ],
            "Resource": "arn:aws:s3:::mybucket"
        }
    ]
}
 
Add file
Delete paste
Christian Weiske Christian Weiske
owner

History

phorkie, the self-hosted, git-based pastebin software is available under the AGPL.