
Unable to access files on the tmp directory

I am trying to access the .json file that I have downloaded to the /tmp/ directory using the ebconfig to store private keys on S3.

files:
  "/tmp/firebaseadminsdk.json" :
    mode: "000400"
    owner: root 
    group: root
    authentication: "S3Auth"
    source: 'source url'

But it's giving me the following error:

Error: EACCES: permission denied, open '/tmp/firebaseadminsdk.json'

There is a paragraph in the documentation which says:

The second entry uses the S3Auth authentication method to download the private key from the specified URL and save it to /etc/pki/tls/certs/server.key. The proxy server can then read the private key from this location to terminate HTTPS connections at the instance.

Unfortunately I am not using any proxy as it is recommended not to use one and if I was to change it to , it causes the health of the instance to turn to severe.

I have double-confirmed that the IAM account has read and write access to the bucket containing the file. I have also added a bucket policy to give the IAM account full access to interact with the bucket, as seen below:

{
    "Version": "2012-10-17",
    "Id": "Policy1546355608026",
    "Statement": [
        {
            "Sid": "Stmt_____",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::______:role/aws-elasticbeanstalk-ec2-role"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::_____/firebaseadminsdk.json"
        }
    ]
}

I also went to EC2 into my instance and added the S3fullaccess policy to the IAM role being used by the instance, but after doing all of that the error still remains.

I am also using a load balancer which might cause some issues?

Error Message

Error: EACCES: permission denied, open '/tmp/firebaseadminsdk.json'
    at Object.openSync (fs.js:436:3)
    at Object.readFileSync (fs.js:341:35)
    at Object.Module._extensions..json (internal/modules/cjs/loader.js:705:20)
    at Module.load (internal/modules/cjs/loader.js:598:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
    at Function.Module._load (internal/modules/cjs/loader.js:529:3)
    at Module.require (internal/modules/cjs/loader.js:636:17)
    at require (internal/modules/cjs/helpers.js:20:18)
    at Object.<anonymous> (/var/app/current/index.js:9:22)
    at Module._compile (internal/modules/cjs/loader.js:688:30)
fs.js:115
    throw err;

In your code for file copying, change permissions from owner read 400 to read for everyone 444.

files:
  "/tmp/firebaseadminsdk.json" :
    mode: "000444"
    owner: root 
    group: root
    authentication: "S3Auth"
    source: 'source url'

Read permission for everyone on private keys may be insecure.

But I am using it for alpha version of app and later will implement AWS KMS (key management service) also because of key rotation.
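The following is an added example, not code from the question or the answer. It applies the POSIX read-permission rules to the two file modes discussed above, showing why a root-owned 000400 file raises EACCES for a non-root Node process and why 000444 exposes the key to every local account. It also evaluates a third option, not from the answer: keeping mode 400 but making the application account the owner. The uid/gid 1000 application account and the sample stat values are constructed assumptions.

```javascript
// POSIX read check: owner bits apply when the uid matches, otherwise group
// bits when a gid matches, otherwise the "other" bits. uid 0 bypasses the check.
function classifyAccess(stat, procUid, procGids) {
  const perms = stat.mode & 0o777;
  let readable;
  if (procUid === 0) readable = true;
  else if (stat.uid === procUid) readable = (perms & 0o400) !== 0;
  else if (procGids.includes(stat.gid)) readable = (perms & 0o040) !== 0;
  else readable = (perms & 0o004) !== 0;
  return {
    mode: perms.toString(8).padStart(3, "0"),
    readableByProcess: readable,
    worldReadable: (perms & 0o004) !== 0,
    // Suitable for a private key: this process can read it and no
    // group or "other" permission bits are set at all.
    ok: readable && (perms & 0o077) === 0,
  };
}

// Startup check against a real file, using the current process identity.
function auditKeyFile(path) {
  const fs = require("fs"); // loaded lazily; only needed for real files
  return classifyAccess(fs.statSync(path), process.getuid(), process.getgroups());
}

// Constructed stat values; uid/gid 1000 is a hypothetical application account.
const APP_UID = 1000;
const APP_GIDS = [1000];
const samples = {
  "root-owned 0400 (question)": { mode: 0o100400, uid: 0, gid: 0 },
  "root-owned 0444 (answer)": { mode: 0o100444, uid: 0, gid: 0 },
  "app-owned 0400": { mode: 0o100400, uid: APP_UID, gid: APP_GIDS[0] },
};
for (const [name, st] of Object.entries(samples)) {
  console.log(name, classifyAccess(st, APP_UID, APP_GIDS));
}
```

Calling `auditKeyFile('/tmp/firebaseadminsdk.json')` before the `require` of the key file lets the application refuse to start when `ok` is false.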
