+1 vote
by (130 points)

I am trying to create an upload-only SFTP Server.

But, if I deny the physical path "read" permission to the user, it fails to login:
Rebex permissions

WinSCP error

Server log:

2021-07-21 16:45:37.460 +00:00 [Error] Session 4: Error while initializing subsystem (sftp): nmfqt.pabbe: Access denied.
at nmfqt.kuvgb.ybxbw(String p0, FileSystemOperation p1, FileServerAction p2)
at nmfqt.kuvgb.dobwe(String p0)
at nmfqt.uyjub.nsjsn(nsbrt p0, String& p1)
at nmfqt.ivqkh.lromo(zyjht p0, bqsol p1, String p2, String& p3)
at nmfqt.clxpq.nmfqt.ngxrj.udyux(String p0, String p1, String& p2)
at nmfqt.hfswm.wbirm(String p0, String p1, Boolean p2)

Access log:

20210721164537.457,"127.0.0.1",4,"alice","login",[]
20210721
164537.459,"127.0.0.1",4,"alice","access",["/mount", "Read"]
20210721_164537.464,"127.0.0.1",4,"alice","logout",[]

Applies to: Buru SFTP Server

2 Answers

0 votes
by (2.0k points)

Hi Gromit,

I was able to replicate the issue and will try to come with a solution / fix soon.

0 votes
by (2.0k points)

Hi Gromit,

Buru SFTP Server v2.4.1 should have the issue fixed.

Hope it helps!

by (130 points)
I have upgraded to 2.4.1 - same problem, different error in WinSCP:
Permission denied.
Error code: 3
Error message from server: Access denied.


Access log:
20210726_173854.474,"127.0.0.1",6,"alice","login",[]
20210726_173854.476,"127.0.0.1",6,"alice","access",["/mount", "Read"]
20210726_173854.516,"127.0.0.1",6,"alice","access",["/mount", "Read"]
20210726_173854.541,"127.0.0.1",6,"alice","access",["/mount", "List"]

Server log didn't update for some reason.
by (2.0k points)
There's an error message because since your root is write-only, you can't read its contents. I tried using WinSCP and I can write to the root folder just fine (with the same error message you got).

We might distinguish "list" and "read" in the future but I can't say when this will get implemented.
by (130 points)
So it's currently impossible to create an upload-only SFTP Server?
by (2.0k points)
It is possible and you already did it. The error you got is displayed because WinSCP cannot list the contents of the root folder (because it is write-only). But as you can see WinSCP is connected and you can upload files.
by (100 points)
Has this issue been resolved? We are not able to use FileZilla at all when accessing write only folders, since it straight up drops the connection when trying to read/list directory content. I know that other servers can be configured to return an empty listing in case of write only folders - this would be a much needed feature going forward....
by (2.0k points)
The suggested behavior change will be implemented - here's a ticket you can follow for more information -- https://github.com/rebexnet/buru-sftp-server/issues/5 . Please note that as of now there is no ETA on shipping this feature.
...