0 votes
by (170 points)

Getting "Permission Denied" when calling SetFileDateTime. What permissions are needed to resolve this error?

Using Rebex SFTP for .NET (Version 2.0.3723.0) for .NET 1.1

LogWriter output:
13:12:53.156 Verbose SSH: Sending packet SSH_MSG_CHANNEL_DATA (94 bytes).
13:12:53.406 Info Command: SSH_FXP_SETSTAT ('/www/content/htdocs/web.gif')
13:12:53.625 Verbose SSH: Received packet SSH_MSG_CHANNEL_DATA (47 bytes).
13:12:53.843 Info Response: SSH_FXP_STATUS (3, 'Permission denied')

Output from Debug.WriteLine:
SetFileDateTime: Local=C:\Inetpub\wwwroot\web.gif Remote=/www/content/htdocs/web.gif 07/21/2001 3:22:32 PM

Source Code:
     Sub UpdateRemoteTimeStamp(
        ByVal strLocalPath As String,

        ByVal strRemotePath As String)
        Dim dtLastWrite As DateTime = File.GetLastWriteTime(strLocalPath)
        Debug.WriteLine("SetFileDateTime: " &
            " Local=" & strLocalPath &

            " Remote=" & strRemotePath & " " & _
        _sftp.SetFileDateTime(strRemotePath, dtLastWrite)
    End Sub

Applies to: Rebex SFTP

2 Answers

+1 vote
by (147k points)

Unfortunately, the answer is entirely server dependent. The server response which caused this exception to be raised doesn't contain any other information in addition to "Permission denied" message and a status code 3, which has identical meaning. Typically, this would be reported if there the logged-on user has no write permissions for the file or doesn't have permissions to change the last write time date.

What OS and SSH/SFTP server is used at the server? That might shed some light on this error.

by (170 points)

The server administration technician sent me this explanation:

We using SFTP on Linux (openssh) but we are not mounting the drives using “noatime”, this is a mounted SAN share but the mount is through IIS/Server 2008 R2, so it’s not a linux permission issue. The linux SFTP server is just mounting the drive as an SMB share as a generic user with modify permissions to the directory. I can log into the sftp server through ssh & change the time using 'touch' as my username or root without issue. This uses the same generic user acct because the it’s mounted using this generic user acct.

by (147k points)

So is it actually possible to set both mtime and atime on that mount, or mtime only? That would explain the problem, because in SFTPv3, mtime and atime can only be changed together - the SFTPv3 draft only defines a single SSH_FILEXFER_ACMODTIME flag for both values so it's not possible to set mtime without setting atime as well. This was changed in SFTPv4, but OpenSSH only supports SFTPv3.

On the other hand, the touch command doesn't suffer from this limitation. Actually, that might be a workaround - try executing the touch command over SFTP's unrelying SSH session using the ExecuteCommand method described in another forum post. Does that work?

by (170 points)

I forwarded your message to the server admin to see if it helps him with SFTP server configuration.

I tried the ExecuteCommand to send over a "touch" command and got this response message: "This service allows sftp connections only."


by (147k points)

It looks like the logged-on user only has SFTP access. No "touch" command in that case, unfortunately.

0 votes
by (170 points)

Based on your comments, my understanding is that openssh only supports SFTPv3 and SFTPv4 is required for SetFileDateTime. Therefore, SetFileDateTime cannot work with openssh.

Thanks for your help with this question.

by (147k points)

With SFTPv3, SetFileDateTime works but sets both mtime and atime to the specified value. With SFTPv4, only mtime is set (compare SFTP v4 draft with the one linked above). So yes - without a permission to set atime, SetFileDateTime would only work with SFTPv4.

Unfortunately, OpenSSH developers are not interested in implementing SFTPv4, calling all versions above 3 hopelessly bloated and broken. Bloated because too much new features started creaping in, and broken because some of them were not-so-well-thought - for example, someone seems to think that atime/ctime/mtime in Unix stand for access time/creation time/modification time while the meaning of ctime is in fact entirely different.