Unable to set ACL for SFTP

Question

Unable to set ACL for SFTP

Bill Flinders 5

Unable to set ACL permission for a localuser for SFTP. Getting the followng error, I can confirm the user is created

(InvalidNamedUserOrNamedGroup) The named user or named group in the access control list is not valid.

RequestId:d4164dd1-601f-0054-5284-e46b4c000000

Time:2025-06-23T21:21:34.6548533Z

Code: InvalidNamedUserOrNamedGroup

Message: The named user or named group in the access control list is not valid.

RequestId:d4164dd1-601f-0054-5284-e46b4c000000

Time:2025-06-23T21:21:34.6548533Z

Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-24T15:59:17.2333333+00:00

Hi Bill Flinders,

When setting ACLs, you must use the user ID (a numeric identifier like 1002) rather than the username.

You can find the user ID in the Azure Portal by navigating to the local user configuration, you need an admin local user with full permissions on the root directory to assign ACLs to other users.

When creating local users, ensure the Allow ACL authorization option is checked. And Do not assign container-level permissions directly if you're using ACLs.

For more information:
https://techcommunity.microsoft.com/blog/azurepaasblog/how-to-configure-directory-level-permission-for-sftp-local-user/4373620

please let me know if you have any other quires, I am happy to assist you.
Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-25T09:47:45.4433333+00:00

Hi Bill Flinders,

please let me know if you have any other quires, I am happy to assist you.
Bill Flinders 5 Reputation points

2025-06-25T13:27:30.7033333+00:00

when I tried issue the command using the id.

command (az storage fs access set --acl "user:1002:rwx" --path "<path>" --file-system odyssey --account-name <accountname>

(InvalidNamedUserOrNamedGroup) The named user or named group in the access control list is not valid.

RequestId:b11683d5-701f-0069-6ed2-e5de6a000000

Time:2025-06-25T13:07:51.8518289Z

Code: InvalidNamedUserOrNamedGroup

Message: The named user or named group in the access control list is not valid.

RequestId:b11683d5-701f-0069-6ed2-e5de6a000000

Time:2025-06-25T13:07:51.8518289Z
Bill Flinders 5 Reputation points

2025-06-25T14:47:10.64+00:00

I found the issue, I didn't realize we count using custom domains in Azure SFTP, that is why the user was failing to write/delete. all is working
Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-30T10:40:03.5866667+00:00

Hi Bill Flinders,

If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you
Nandamuri Pranay Teja 3,775 Reputation points Microsoft External Staff Moderator

2025-07-01T06:48:49.4+00:00

Hi Bill Flinders,

Just checking in to see if the provided answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.

1 answer

Your answer

Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-24T15:59:17.2333333+00:00

Hi Bill Flinders,

When setting ACLs, you must use the user ID (a numeric identifier like 1002) rather than the username.

You can find the user ID in the Azure Portal by navigating to the local user configuration, you need an admin local user with full permissions on the root directory to assign ACLs to other users.

When creating local users, ensure the Allow ACL authorization option is checked. And Do not assign container-level permissions directly if you're using ACLs.

For more information:
https://techcommunity.microsoft.com/blog/azurepaasblog/how-to-configure-directory-level-permission-for-sftp-local-user/4373620

please let me know if you have any other quires, I am happy to assist you.
Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-25T09:47:45.4433333+00:00

Hi Bill Flinders,

please let me know if you have any other quires, I am happy to assist you.
Bill Flinders 5 Reputation points

2025-06-25T13:27:30.7033333+00:00

when I tried issue the command using the id.

command (az storage fs access set --acl "user:1002:rwx" --path "<path>" --file-system odyssey --account-name <accountname>

(InvalidNamedUserOrNamedGroup) The named user or named group in the access control list is not valid.

RequestId:b11683d5-701f-0069-6ed2-e5de6a000000

Time:2025-06-25T13:07:51.8518289Z

Code: InvalidNamedUserOrNamedGroup

Message: The named user or named group in the access control list is not valid.

RequestId:b11683d5-701f-0069-6ed2-e5de6a000000

Time:2025-06-25T13:07:51.8518289Z
Bill Flinders 5 Reputation points

2025-06-25T14:47:10.64+00:00

I found the issue, I didn't realize we count using custom domains in Azure SFTP, that is why the user was failing to write/delete. all is working
Keshavulu Dasari 4,840 Reputation points Microsoft External Staff Moderator

2025-06-30T10:40:03.5866667+00:00

Hi Bill Flinders,

If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you
Nandamuri Pranay Teja 3,775 Reputation points Microsoft External Staff Moderator

2025-07-01T06:48:49.4+00:00

Hi Bill Flinders,

Just checking in to see if the provided answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.

Answer 1

Keshavulu Dasari 4,840 Microsoft External Staff Moderator

Hi Bill Flinders,

Azure SFTP does not support custom domains for authentication and ACL mapping, which is why the system couldn't resolve the user identity correctly. Once you switched back to using the default domain setup, the ACLs worked as expected.

Please do not forget to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Share via

Unable to set ACL for SFTP

1 answer

Your answer