Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/.aws/config\" \"read\")" #62493

Closed
dunkelbunt1 opened this issue Sep 16, 2020 · 2 comments · Fixed by #62522
Closed

Access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/.aws/config\" \"read\")" #62493

dunkelbunt1 opened this issue Sep 16, 2020 · 2 comments · Fixed by #62522
Labels
>bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs Team:Distributed Meta label for distributed team

Comments

@dunkelbunt1
Copy link

I am having the following issue with elastic-search 7.9.0 and the repository-s3 plugin.

"stacktrace": ["java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/.aws/config\" \"read\")",
"at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]",
"at java.security.AccessController.checkPermission(AccessController.java:1036) ~[?:?]",
"at java.lang.SecurityManager.checkPermission(SecurityManager.java:408) ~[?:?]",
"at java.lang.SecurityManager.checkRead(SecurityManager.java:747) ~[?:?]",
"at java.io.File.exists(File.java:818) ~[?:?]",

My Dockerfile looks like this:

FROM docker.elastic.co/elasticsearch/elasticsearch:7.7.1
RUN elasticsearch-plugin install --batch repository-s3

I can see the stack-trace appearing only once after every restart.
My aws/s3 credentials do get directly added into the key-store so I am not sure why it is trying to read "/usr/share/elasticsearch/.aws/config"

Does anyone know what can cause this?
@dunkelbunt1 dunkelbunt1 added >bug needs:triage Requires assignment of a team area label labels Sep 16, 2020
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this issue Sep 17, 2020
@DaveCTurner
Hide c.a.s.s.i.UseArnRegionResolver noise
e3d6b28 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN`
logs when the security manager prevents access to the user's home
directory and therefore to `$HOME/.aws/config`. This is the behaviour we
want, and it's harmless and handled by the SDK as if the config doesn't
exist, so this log message is unnecessary noise.  This commit suppresses
this noisy logging by default.

Relates elastic#20313, elastic#56346, elastic#53962
Closes elastic#62493
@DaveCTurner DaveCTurner mentioned this issue Sep 17, 2020
Merged
@DaveCTurner DaveCTurner added :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs and removed needs:triage Requires assignment of a team area label labels Sep 17, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-distributed (:Distributed/Snapshot/Restore)

@elasticmachine elasticmachine added the Team:Distributed Meta label for distributed team label Sep 17, 2020
@DaveCTurner
Copy link
Contributor

Thanks for the report @dunkelbunt1. This is just unnecessary noise emitted by the AWS SDK and you can safely ignore it. I opened #62522 to suppress this logging in future.

DaveCTurner added a commit that referenced this issue Sep 18, 2020
@DaveCTurner
Hide c.a.s.s.i.UseArnRegionResolver noise (#62522)
2ec7260 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN`
logs when the security manager prevents access to the user's home
directory and therefore to `$HOME/.aws/config`. This is the behaviour we
want, and it's harmless and handled by the SDK as if the config doesn't
exist, so this log message is unnecessary noise.  This commit suppresses
this noisy logging by default.

Relates #20313, #56346, #53962
Closes #62493
DaveCTurner added a commit that referenced this issue Sep 18, 2020
@DaveCTurner
Hide c.a.s.s.i.UseArnRegionResolver noise (#62522)
0a3f2c4 
A recent AWS SDK upgrade has introduced a new source of spurious `WARN`
logs when the security manager prevents access to the user's home
directory and therefore to `$HOME/.aws/config`. This is the behaviour we
want, and it's harmless and handled by the SDK as if the config doesn't
exist, so this log message is unnecessary noise.  This commit suppresses
this noisy logging by default.

Relates #20313, #56346, #53962
Closes #62493
@DemiBSel DemiBSel mentioned this issue Jul 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs Team:Distributed Meta label for distributed team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Hide c.a.s.s.i.UseArnRegionResolver noise DaveCTurner/elasticsearch
3 participants
@DaveCTurner @elasticmachine @dunkelbunt1