question

0 Votes
RomeoValko-1592 asked NipunaSilva commented

Blob Storage SFTP Permissions

Hello,

I successfully created a storage with SFTP access to the container.
My plan is to create a user which has only permission to create non-existing files, and prevent overriding anything.
As I understand, I need the "Create" permission which allows to upload file if file doesn't exist.

Unfortunately at "put" command I receive "remote open("/test.txt"): Permission denied".
I also tried mkdir command which works perfectly.
With the "Write" permission it's working, but it also enables overriding the existing file, which for my scenario is not permitted.

If you have any suggestion, why I'm getting Permission denied at "Put" command with Creator permission, and how I can solve it please let me know.

Thanks,
Romeo


azure-blob-storage

@RomeoValko-1592 Can you please share the screenshot of the error message?

Can you please cross verify the permission as mentioned in the article here

Azure Storage does not support shared access signature (SAS), or Azure Active Directory (Azure AD) authentication for connecting SFTP clients. Instead, SFTP clients must use either a password or a Secure Shell (SSH) private key credential.

To grant access to a connecting client, the storage account must have an identity associated with that credential. That identity is called a local user. Local users are a new form of identity management provided with SFTP support. You can add up to 1000 local users to a storage account.

To set up access permissions, you will create a local user, and choose authentication methods. Then, for each container in your account, you can specify the level of access you want to give that user.

This article describes limitations and known issues of SFTP support in Azure Blob Storage.
Looking forward to your reply!


0 Votes
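
An added example, not part of the thread or of Microsoft's documentation: a small audit that checks local users' per-container permission scopes against the create-and-read-only intent described in the question, and notes users whose only SFTP credential is a password. The JSON field names and the shape of the `az storage account local-user list` output are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample, shaped like `az storage account local-user list` output
# (assumed field names: name, hasSshKey, hasSshPassword, permissionScopes).
SAMPLE = json.loads("""
[
  {"name": "uploader", "hasSshKey": true, "hasSshPassword": false,
   "permissionScopes": [{"permissions": "rc", "resourceName": "inbox", "service": "blob"}]},
  {"name": "legacy", "hasSshKey": false, "hasSshPassword": true,
   "permissionScopes": [{"permissions": "rwdl", "resourceName": "inbox", "service": "blob"},
                        {"permissions": "rl", "resourceName": "archive", "service": "blob"}]}
]
""")

# Container permission letters for local users: read, write, delete, list, create.
LETTERS = {"r": "Read", "w": "Write", "d": "Delete", "l": "List", "c": "Create"}
# Permissions that let a client replace or remove an existing file.
DESTRUCTIVE = {"w", "d"}


def audit_local_users(users, allowed="rc"):
    """Return (user, container, reason) findings for scopes beyond `allowed`."""
    findings = []
    for user in users:
        name = user.get("name", "<unnamed>")
        for scope in user.get("permissionScopes") or []:
            granted = set(scope.get("permissions", "").lower())
            container = scope.get("resourceName", "<unknown>")
            unknown = granted - set(LETTERS)
            extra = granted - set(allowed) - unknown
            if extra & DESTRUCTIVE:
                names = ", ".join(LETTERS[p] for p in sorted(extra & DESTRUCTIVE))
                findings.append((name, container, f"can alter existing files: {names}"))
            elif extra:
                names = ", ".join(LETTERS[p] for p in sorted(extra))
                findings.append((name, container, f"beyond policy: {names}"))
            if unknown:
                findings.append((name, container, f"unrecognized letters: {''.join(sorted(unknown))}"))
        if user.get("hasSshPassword") and not user.get("hasSshKey"):
            findings.append((name, "*", "password is the only SFTP credential"))
    return findings


if __name__ == "__main__":
    for finding in audit_local_users(SAMPLE):
        print(*finding, sep=" | ")
```
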
RomeoValko-1592 (in reply to SumanthMarigowda-MSFT)

@Sumarigo-MSFT

Sure, I checked the permissions, and the 'Create' permission is described as 'Upload file if file doesn't exist', and this is exactly what I'd like.

As you can see on the screenshot (attached), I created a local user with Create and Read permissions, and can connect to the server via Filezilla or Terminal.
I can also create directory if not existing which is good, but can't put the file due to permission denied.

166835-blob.png


0 Votes

1 Vote
SumanthMarigowda-MSFT answered NipunaSilva commented

@RomeoValko-1592 Thanks for providing the detailed information of the issue.

The product team is aware of this issue (this is a known issue) and the fix will be rolled out in GA very soon (the bug has already been fixed). I will keep you updated on the GA release, or you can get the latest updates on Azure products and features to meet your cloud investment needs. Subscribe to notifications to stay informed.

Please let us know if you have any further queries. I’m happy to assist you further.


Please do not forget to [image: 167085-screenshot-2021-12-10-121802.png] and [image: 167005-image.png] wherever the information provided helps you; this can be beneficial to other community members.





@Sumarigo-MSFT How long will it take for this feature to be available in GA?

0 Votes

0 Votes
AlanKinane answered

I have the same issue here. It only works with the 'write' permission added like you said. This feature for storage accounts is still in public preview so it may be the case that this is a current issue or limitation with the feature although I don't see it listed as a known issue currently.

0 Votes
RomeoValko-1592 answered

@Sumarigo-MSFT Thanks for letting me know. In that case I'll wait patiently until the fix is deployed :)
