User is denied access without "read" permission to the physical path

+1 vote
asked Jul 22 by Gromit (130 points)

I am trying to create an upload-only SFTP Server.

But, if I deny the physical path "read" permission to the user, it fails to login:
Rebex permissions

WinSCP error

Server log:

2021-07-21 16:45:37.460 +00:00 [Error] Session 4: Error while initializing subsystem (sftp): nmfqt.pabbe: Access denied.
at nmfqt.kuvgb.ybxbw(String p0, FileSystemOperation p1, FileServerAction p2)
at nmfqt.kuvgb.dobwe(String p0)
at nmfqt.uyjub.nsjsn(nsbrt p0, String& p1)
at nmfqt.ivqkh.lromo(zyjht p0, bqsol p1, String p2, String& p3)
at nmfqt.clxpq.nmfqt.ngxrj.udyux(String p0, String p1, String& p2)
at nmfqt.hfswm.wbirm(String p0, String p1, Boolean p2)

Access log:

20210721164537.457,"127.0.0.1",4,"alice","login",[]
20210721
164537.459,"127.0.0.1",4,"alice","access",["/mount", "Read"]
20210721_164537.464,"127.0.0.1",4,"alice","logout",[]

Applies to: Rebex SFTP

2 Answers

0 votes
answered Jul 22 by Lukas Paluzga (890 points)

Hi Gromit,

I was able to replicate the issue and will try to come with a solution / fix soon.

0 votes
answered Jul 26 by Lukas Paluzga (890 points)

Hi Gromit,

Buru SFTP Server v2.4.1 should have the issue fixed.

Hope it helps!

commented Jul 26 by Gromit (130 points)
I have upgraded to 2.4.1 - same problem, different error in WinSCP:
Permission denied.
Error code: 3
Error message from server: Access denied.


Access log:
20210726_173854.474,"127.0.0.1",6,"alice","login",[]
20210726_173854.476,"127.0.0.1",6,"alice","access",["/mount", "Read"]
20210726_173854.516,"127.0.0.1",6,"alice","access",["/mount", "Read"]
20210726_173854.541,"127.0.0.1",6,"alice","access",["/mount", "List"]

Server log didn't update for some reason.
commented Jul 27 by Lukas Paluzga (890 points)
There's an error message because since your root is write-only, you can't read its contents. I tried using WinSCP and I can write to the root folder just fine (with the same error message you got).

We might distinguish "list" and "read" in the future but I can't say when this will get implemented.
commented Jul 27 by Gromit (130 points)
So it's currently impossible to create an upload-only SFTP Server?
commented Jul 28 by Lukas Paluzga (890 points)
It is possible and you already did it. The error you got is displayed because WinSCP cannot list the contents of the root folder (because it is write-only). But as you can see WinSCP is connected and you can upload files.
...