Hello! Unless I'm missing something obvious, I'm pretty sure I'm running into an R2 bug. I'm using a token with "Object Read & Write" permissions and get AccessDenied when using rclone to write an object to the bucket. I know I have the access id & secret key correct because as soon as I switch the token permissions to "Admin Read & Write" privileges, it starts working and rclone will correctly write new objects to the bucket. When I switch it back, it stops working again.
What I'm doing is very simple:
Sorry about the delay in responding, I was away. There is only one bucket involved. I'm copying a local file to an R2 bucket. I've tried the "Object Read & Write" permissions with "All buckets in this account", and I've also tried it with the "specific buckets only" and both produce the same results.
As you can see, the token is currently configured to apply to all buckets. When it's like this, I can delete objects from the bucket but creating new ones fails.
When I set this to "Admin Read & Write", I can once again create objects in the bucket. I've flipped it back and forth several times to make sure it wasn't a coincidence.
Turns out rclone always tries to create the bucket you’re writing to, just in case it doesn’t exist. A limited-access user doesn’t have permission to do this, so the request fails.
You can add this to your rclone.conf to turn off this behavior and fix the problem:
no_check_bucket = true
Could you please tell whoever's working on the R2+rclone docs: https://developers.cloudflare.com/r2/examples/rclone/
The docs should mention that you should probably have "no_check_bucket = true" in your rclone.conf, or else limited-access access keys won't work.
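As an added example (not from the thread or from the rclone or Cloudflare docs), this script audits an rclone.conf for S3-type remotes that still lack the `no_check_bucket = true` setting described above, so an object-scoped token is not sent on a bucket-creation request it has no permission for. The remote names, the placeholder credentials and the embedded sample config are constructed for illustration.

```python
import configparser

# Constructed sample rclone.conf: hypothetical remote names, placeholder
# account ID and keys. The first remote reproduces the failing setup from
# the thread; the second carries the fix.
SAMPLE_CONF = """
[r2-limited]
type = s3
provider = Cloudflare
access_key_id = <ACCESS_KEY_ID>
secret_access_key = <SECRET_ACCESS_KEY>
endpoint = https://<ACCOUNT_ID>.r2.cloudflarestorage.com

[r2-limited-fixed]
type = s3
provider = Cloudflare
access_key_id = <ACCESS_KEY_ID>
secret_access_key = <SECRET_ACCESS_KEY>
endpoint = https://<ACCOUNT_ID>.r2.cloudflarestorage.com
no_check_bucket = true

[local-backup]
type = local
"""


def remotes_missing_no_check_bucket(conf_text):
    """Return names of S3-type remotes without no_check_bucket enabled."""
    # rclone.conf is INI-style; disable interpolation so '%' in secrets is literal.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    flagged = []
    for name in parser.sections():
        remote = parser[name]
        # no_check_bucket is an option of the S3 backend, so skip other types.
        if remote.get("type", "").strip().lower() != "s3":
            continue
        # Conservative check: only an explicit "true" or "1" counts as enabled.
        value = remote.get("no_check_bucket", "false").strip().lower()
        if value not in ("true", "1"):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in remotes_missing_no_check_bucket(SAMPLE_CONF):
        print(f"{name}: add 'no_check_bucket = true' before using an object-scoped token")
```

To check a real file, pass its contents to `remotes_missing_no_check_bucket` instead of `SAMPLE_CONF`.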