Root has no write permission to EFS volume

Question

I created a new EFS volume and mounted it with the EFS mount helper.

Here is the /etc/fstab:

LABEL=cloudimg-rootfs   /    ext4   defaults,discard    0 0
fs-deadbeef:/ /mnt/efs efs _netdev,tls 0 0

The mount completed successfully; however root does not have write permission for anything.

$ cd /mnt/efs
$ ls -al
total 8
drwxr-xr-x 2 root root 6144 May  4 15:28 .
drwxr-xr-x 3 root root 4096 Jun  2 19:56 ..
$ sudo mkdir temp
mkdir: cannot create directory ‘temp’: Permission denied
$ sudo touch test
touch: cannot touch 'test': Permission denied

I went to the AWS EFS console for this volume and verified that the option for "Disable root access by default" is unchecked.

I have what I think is an identical volume on an identical system (the nightly build) for which root has totally normal write access to the volume. The base image is the standard Ubuntu 18.04 AMI.

What can cause root to have no write access to an EFS volume?

score 4 · Answer 1 · answered Jun 05 '20 at 12:17

As of June 2020, it is not enough to look at the "Policy Settings" tab in Elastic File System > File systems > Manage file system permissions. This tab does not show the current settings. The current settings are only displayed in the "JSON" tab.

You should click "Set Policy" in the "Policy Settings" tab and then "Save policy" when it switches you to the "JSON" tab.

Alternatively, you can click "Delete policy" in the "JSON" tab, which reverts the permissions to the default, which also allows for root access.

This should be the accepted answer. – Michael Hobbs Dec 12 '20 at 18:28 — Michael Hobbs, Dec 12 '20 at 18:28

Root has no write permission to EFS volume

1 Answers1