This topic describes how to configure ossfs.
Prerequisites
Configure the account information
When you use ossfs to access OSS buckets, you must configure your account information
including your AccessKey ID and AccessKey secret. The account information must be
written to the account configuration file in a specific format. ossfs obtains the
account information in the $bucket_name:$access_key_id:$access_key_secret
format from the account configuration file.
- An account configuration file can contain records for multiple accounts. Each line
indicates the information of one account. When ossfs is used to attach a bucket, ossfs
matches the bucket name with the correct account.
Configuration examples:
echo bucket-test-1:AAAIbZcdVCmQ****:AAA8x0y9hxQ31coh7A5e2MZEUz**** > /etc/passwd-ossfs echo bucket-test-2:BBBIbZcdVCmQ****:BBB8x0y9hxQ31coh7A5e2MZEUz**** >> /etc/passwd-ossfs chmod 640 /etc/passwd-ossfs mkdir /tmp/ossfs-1 mkdir /tmp/ossfs-2 ossfs bucket-test-1 /tmp/ossfs-1 -ourl=http://oss-cn-hangzhou.aliyuncs.com ossfs bucket-test-2 /tmp/ossfs-2 -ourl=http://oss-cn-hangzhou.aliyuncs.com
- If you want to attach multiple buckets, you can choose to write the information of
every account to one account configuration file, or write the information of different
accounts to different account configuration files. You can use the -opasswd_file=xxx option to select the account configuration file.
Configuration examples:
echo bucket-test-3:CCCIbZcdVCmQ****:CCC8x0y9hxQ31coh7A5e2MZEUz**** > /etc/passwd-ossfs-3 chmod 600 /etc/passwd-ossfs-3 mkdir /tmp/ossfs-3 ossfs bucket-test-3 /tmp/ossfs-3 -ourl=http://oss-cn-hangzhou.aliyuncs.com -opasswd_file=/etc/passwd-ossfs-3 echo bucket-test-4:DDDIbZcdVCmQ****:DDD8x0y9hxQ31coh7A5e2MZEUz**** > /etc/passwd-ossfs-4 chmod 600 /etc/passwd-ossfs-4 mkdir /tmp/ossfs-4 ossfs bucket-test-4 /tmp/ossfs-4 -ourl=http://oss-cn-hangzhou.aliyuncs.com -opasswd_file=/etc/passwd-ossfs-4
Use instance RAM roles
In ECS, you can use ossfs based on instance RAM roles. You can bind a RAM role to an ECS instance to access OSS from the instance by using STS temporary credentials. STS temporary credentials are automatically generated and updated. Applications can obtain the STS temporary credentials by using the instance metadata URL. RAM helps protect the security of your AccessKey pair and facilitates fine-grained permission control and management. For more information about instance RAM roles, see Instance RAM roles.
The following section describes how to use ossfs by using the EcsRamRoleOssTest instance RAM role:
Configure access permissions
- allow_other: authorizes other users to access the directory to which the bucket is attached, but not objects in the folder. To modify the access permission on the objects in the directory, you must use the chmod command. No value is available for this option. To grant permissions to other users, use the -oallow_other option.
- uid: specifies the user ID (UID) of the owner of a folder.
- gid: specifies the group ID (GID) of the owner of a folder.
- mp_umask: specifies the permission mask set for the mount point. This option takes effect only when the allow_other option is set. Default value: 000. This option is used in the same way as the umask command. For example, you can use the -oallow_other -omp_umask=007 option to set the permission of the mount point to 770, and use the -oallow_other -omp_umask=077 option to set the permission of the mount point to 700.
- Set the permission to 777 to allow access from all users
ossfs bucket_name mount_point -ourl=endpoint -oallow_other
- Set the permission to 770 to allow access from users only in the same group.
ossfs bucket_name mount_point -ourl=endpoint -oallow_other -omp_umask=007
- When you attach the bucket, specify the user and user group, and then set the permission
to 770 to allow access from users only in the same group
The user www is used in the example. You can run the id command to obtain the UID or GID of the user, and then specify the uid or gid parameter after you attach the bucket.
id www uid=1000(www) gid=1000(web) groups=1000(web) ossfs bucket_name mount_point -ourl=endpoint -oallow_other -ouid=1000 -ogid=1000 -omp_umask=007
Attach a specific folder
ossfs bucket:/prefix mount_point -ourl=endpoint
Ensure that an object named ${prefix}/ exists in the bucket. You can run the stat command of ossutil to check whether the object exists.
ossfs bucket-ossfs-test:/folder /tmp/ossfs-folder -ourl=http://oss-cn-hangzhou.aliyuncs.com
Attach a folder on startup
Start ossfs by using Supervisor
Supervisor is a universal process management program of Python. Supervisor can turn a general command line process into a background daemon and monitor the process. Supervisor automatically restarts the process when the process stops unexpectedly. Perform the following steps to start ossfs by using Supervisor:
Enable debug logging
- Use the -d -odbglevel=debug -ocurldbg option when you attach a folder. ossfs stores the logs in the system logs.
- CentOS
Logs are stored in /var/log/messages.
- Ubuntu
Logs are stored in /var/log/syslog.
- CentOS
- Use the -d -odbglevel=debug -ocurldbg -f option when you attach a directory. ossfs displays the logs on the frontend.