MinIO: Insufficient permissions to access this file

rich1.0phorkiehttps://p.cweiske.de/MinIO: Insufficient permissions to access this fileChristian Weiske86400900900 <link rel="stylesheet" href="https://p.cweiske.de/css/embed.css"/> <div class="phork" id="748"> <div class="phork-file"> <div class="phork-content"> <div class="document"> Error with S3-compatible MinIO server: <pre class="literal-block"> $ mc cp test-minio-main-readonly/mybucket/hello.txt . mc: <ERROR> Unable to validate source `test-minio-main-readonly/mybucket/hello.txt`. $ mc cat test-minio-main-readonly/mybucket/hello.txt . mc: <ERROR> Unable to read from `test-minio-main-readonly/mybucket/hello.txt`. Insufficient permissions to access this file `http://localhost:9001/mybucket/hello.txt`. </pre> Solution: The policy allowed actions only for the bucket, but not for the files in the bucket. </div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/748/rev-raw/d0cfc86bc001156572c978ff972046857e8f852d/0-README.rst" style="float: right">view raw source</a> <a href="https://p.cweiske.de/748#0-README.rst">0-README.rst</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <style type="text/css">/** * GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann * (http://qbnz.com/highlighter/ and http://geshi.org/) */ .javascript .de1, .javascript .de2 {font: normal normal 1em/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;} .javascript {font-family:monospace;} .javascript .imp {font-weight: bold; color: red;} .javascript li, .javascript .li1 {color: #DDD;} .javascript .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;} .javascript .kw1 {color: #000066; font-weight: bold;} .javascript .kw2 {color: #003366; font-weight: bold;} .javascript .kw3 {color: #000066;} .javascript .kw5 {color: #FF0000;} .javascript .co1 {color: #006600; font-style: italic;} .javascript .co2 {color: #009966; font-style: italic;} .javascript .coMULTI {color: #006600; font-style: italic;} .javascript .es0 {color: #000099; font-weight: bold;} .javascript .br0 {color: #009900;} .javascript .sy0 {color: #339933;} .javascript .st0 {color: #3366CC;} .javascript .nu0 {color: #CC0000;} .javascript .me1 {color: #660066;} .javascript span.xtra { display:block; } </style><div class="code"><table class="javascript"><tbody><tr class="li1"><td class="ln"><pre class="de1">1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 </pre></td><td class="de1"><pre class="de1">{     "Version": "2012-10-17",     "Statement": [         {             "Sid": "readonly",             "Effect": "Allow",             "Action": [                 "s3:GetObject",                 "s3:ListBucket"             ],             "Resource": "arn:aws:s3:::mybucket"         },         {             "Sid": "readonly",             "Effect": "Allow",             "Action": "s3:HeadBucket",             "Resource": "arn:aws:s3:::mybucket"         }     ] }  </pre></td></tr></tbody></table></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/748/rev-raw/d0cfc86bc001156572c978ff972046857e8f852d/1-broken-policy.json" style="float: right">view raw source</a> <a href="https://p.cweiske.de/748#1-broken-policy.json">1-broken-policy.json</a> </div> </div> <div class="phork-file"> <div class="phork-content"> <style type="text/css">/** * GeSHi (C) 2004 - 2007 Nigel McNie, 2007 - 2014 Benny Baumann * (http://qbnz.com/highlighter/ and http://geshi.org/) */ .javascript .de1, .javascript .de2 {font: normal normal 1em/1.2em monospace; margin:0; padding:0; background:none; vertical-align:top;} .javascript {font-family:monospace;} .javascript .imp {font-weight: bold; color: red;} .javascript li, .javascript .li1 {color: #DDD;} .javascript .ln {width:1px;text-align:right;margin:0;padding:0 2px;vertical-align:top;} .javascript .kw1 {color: #000066; font-weight: bold;} .javascript .kw2 {color: #003366; font-weight: bold;} .javascript .kw3 {color: #000066;} .javascript .kw5 {color: #FF0000;} .javascript .co1 {color: #006600; font-style: italic;} .javascript .co2 {color: #009966; font-style: italic;} .javascript .coMULTI {color: #006600; font-style: italic;} .javascript .es0 {color: #000099; font-weight: bold;} .javascript .br0 {color: #009900;} .javascript .sy0 {color: #339933;} .javascript .st0 {color: #3366CC;} .javascript .nu0 {color: #CC0000;} .javascript .me1 {color: #660066;} .javascript span.xtra { display:block; } </style><div class="code"><table class="javascript"><tbody><tr class="li1"><td class="ln"><pre class="de1">1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 </pre></td><td class="de1"><pre class="de1">{     "Version": "2012-10-17",     "Statement": [         {             "Sid": "readonly",             "Effect": "Allow",             "Action": [                 "s3:GetObject"             ],             "Resource": "arn:aws:s3:::mybucket/*"         },         {             "Sid": "readonly",             "Effect": "Allow",             "Action": [                 "s3:HeadBucket",                 "s3:ListBucket",                 "s3:GetBucketPolicy"             ],             "Resource": "arn:aws:s3:::mybucket"         }     ] }  </pre></td></tr></tbody></table></div> </div> <div class="phork-meta"> <a href="https://p.cweiske.de/748/rev-raw/d0cfc86bc001156572c978ff972046857e8f852d/2-correct-policy.json" style="float: right">view raw source</a> <a href="https://p.cweiske.de/748#2-correct-policy.json">2-correct-policy.json</a> </div> </div> </div>