Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

goofys

Written by
Updated at April 1, 2025

goofys is a utility for Linux and macOS to mount Object Storage buckets via FUSE.

Getting started

  1. Create a service account.

  2. Assign to the service account the roles required for your project, e.g., storage.editor for a bucket (to work with a particular bucket) or a folder (to work with all buckets in this folder). For more information about roles, see Access management with Yandex Identity and Access Management.

    To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the storage.configurer role:

    • kms.keys.encrypter: To read the key, encrypt and upload objects.
    • kms.keys.decrypter: To read the key, decrypt and download objects.
    • kms.keys.encrypterDecrypter: This role includes the kms.keys.encrypter and kms.keys.decrypter permissions.

    For more information, see Key Management Service service roles.

  3. Create a static access key.

    As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:

    • key_id: Static access key ID
    • secret: Secret key

    Save key_id and secret: you will not be able to get the key value again.

Note

A service account is only allowed to view a list of buckets in the folder it was created in.

A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.

Installation

To install goofys, follow this guide in the project repository.

Setup

goofys uses the secret key from the AWS CLI settings stored in the .aws/credentials file. You can also put the key data you got earlier in the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.

Mounting a bucket

  1. Select the folder where you want to mount a bucket and make sure you have permissions to perform the mounting operation.

  2. For one-time bucket mounting, run the command:

    goofys --endpoint=https://storage.yandexcloud.net <bucket_name> <mount_point>

To set a bucket to mount at system startup, add the following line to the /etc/fstab file:

goofys#<bucket_name>  <mount_point>  fuse  _netdev,allow_other,--file-mode=0666,--dir-mode=0777,--endpoint=https://storage.yandexcloud.net  0  0
Previous
s3fs
Next
rclone