0 votes
by (200 points)

Hi,

I am implementing a sftp solution with a custom File System provider(azure file system).
I am trying to give ftp users a specific home directory using the Virtual Root Path property but I am unable to make it work.

Let's say I have this file structure in Azure:
/
user1/
user2/
user3/

where / is root and the child directories would be the home directories of the different users.

The code I have is this:

var user = new FileServerUser(userName, userPassword, "/user1");

// use the custom file system provider as this user's virtual file system
user.SetFileSystem(azureFs);

When I run this, I get an exception saying "Existing path required."

Is there something that I am missing?

thanks,
Mattias

Applies to: Rebex SFTP

1 Answer

0 votes
by (5.1k points)
edited by

Hi Mattias,
and welcome to the Rebex Forum. Thanks for reporting this issue.
You are experiencing some clashes between the SFTP server API and the new Virtual File System API. We are aware of this. We are improving our documentation and we are discussing how to improve the API.

However, the solution is simple. You can limit a user to a specific directory using the DirectoryFileSystemProvider.

         var userDirectory = azureFs.Root.GetDirectories()                                                             
                .SingleOrDefault(dir => dir.Name.Equals("user1", StringComparison.OrdinalIgnoreCase));
 //Every directory in the file system can serve as a FileSystemProvider. 
//Use the CreateFileSystem method and you are done.        
               var userDirectoryFS = userDirectory.CreateFileSystem();
               var user = new FileServerUser(userName,userPassword);
               user.SetFileSystem(userDirectoryFS);
by

If you did something like already provide the user's folder path and did a azureFs.Mount... then just calling the FileServerUser with only 2 parameters might work.

var user = new FileServerUser(userName, userPassword);

Or (depending on what you are trying to achieve) try using the FileServerUser that accepts 4 parameters (root and home).

var user = new FileServerUser(userName, userPassword, "/", "/user1");

by (5.1k points)
edited by
Warning for other Rebex users.
<TL;DR>
Please use the overloads of the method SetFileSystem when you need to set a user root directory in the virtual file system.

user.SetFileSystem(userDirectoryFS); //see answer above for details
user.SetFileSystem(myVirtualFs, "/user1");
API Doc - https://www.rebex.net/doc/api/Rebex.Net.Servers.FileServerUser.SetFileSystem.html
</TL;DR>

RussPhillips is right, but you should be aware that the following line is a "hack" and unintended consequence, which originated from the integration of the virtual file system to the SFTP server.

//Problematic code
var user = new FileServerUser(userName, userPassword, "/", "/user1");

The line above allows access to the root "/" of the physical file system (e. g. C:\ on Windows). The access will be typically revoked a few lines later using the SetFileSystem call, so we can conclude that the final user of the application is neither aware of this temporary setting nor can get access to the sensitive parts of the physical file system.  Despite the seemingly innocent nature of the code,  to avoid potential leaking of the sensitive information if you forget to set the virtual file system (after refactoring of the code, etc.), we strongly recommend (solution specific equivalent of the) following code.
 
//Good code:
  var userDirectory = azureFs.Root.GetDirectories()                                                             
                .SingleOrDefault(dir => dir.Name.Equals("user1", StringComparison.OrdinalIgnoreCase));
 //Every directory in the file system can serve as a FileSystemProvider.
//Use the CreateFileSystem method and you are done.        
               var userDirectoryFS = userDirectory.CreateFileSystem();
               var user = new FileServerUser(userName,userPassword);
               user.SetFileSystem(userDirectoryFS);
...