permission denied when using service account with Google scp command

linux google-compute-engine google-cloud-platform

I want to use CircleCI to deploy my code to Compute Engine instance. I have created a Service Account user and use gcloud scp command below:

gcloud --quiet compute scp --recurse dev/test/ [DEST_INSTANCE]:/var/www/dev/dev/test --zone=northamerica-northeast1-a --project [PROJECT_NAME]

to upload files to var subfolder and the deployment fails with the error below:

scp: /var/www/dev/dev/test: Permission denied
ERROR: (gcloud.compute.scp) [/usr/bin/scp] exited with return code [1].
Exited with code 1

Now, I want to grant access to the service account but I don't see it in the list of users to grant access to when I use cat /etc/passwd. How can I grant permission to a service account? The roles I have assigned to this account is: enter image description here


Solution 1:

Please check the service account in use. There's one service account that's default for GCE and created by GCP. The other one is the one you created.

If you're using the one you created, have you authorized login for the service account using the JSON key file?

Solution 2:

It looks like your username does not have permissions on the GCE VM to write to /var/www/dev/dev/test.

To solve your issue you can choose one of two workarounds:

  1. Change permissions:

    • give your username write access to /var/www/dev/dev/test directly, for example:

      sudo chown -R $USER /var/www/dev/dev/test

    • copy files with gcloud compute scp directly to /var/www/dev/dev/test.

  2. Copy files in two steps:

    • use gcloud compute scp to transfer files/directories where your user can write to, e.g., /tmp or /home/$USER;

    • SSH into the VM instance via gcloud compute ssh or via Console and copy files from temporary location using sudo to get proper permissions.

Note that since this question is about GCE VMs, you cannot SSH directly to a VM instance as root, nor can you copy files directly as root, for the same reason: gcloud compute scp uses scp which relies on ssh for authentication.

In addition, please have a look at the documentation Transferring files to instances section Transferring files using the gcloud command-line tool.

Related

Prove that $\frac{n^n}{3^n} < n! < \frac{n^n}{2^n} \forall n \geq 6 $
Smart way to solve octics like $x^8+5992704x-304129728=0$
Distance between a point and a closed set in metric space
A set is infinite iff it is equivalent to a proper subset of itself
Why $\frac{X+YZ}{\sqrt{1+Z^2}} \sim \mathcal{N}(0,1)$ if $X,Y,Z$ are i.i.d. $\mathcal{N}(0,1)$?
No group of order 10,000 is simple
Difference between a set and a class
Prove that the exponential function is differentiable
how to compute the Euler characters of a Grassmannian?
Is a metric space perfectly normal?
Best way to add NuGet packages as project references in VS2012?
Proxy Error 502 : The proxy server received an invalid response from an upstream server