Why WinSCP breaks permissions (jail, chroot)?

You may think that WinSCP breaks permissions when it:

  • Allows user to leave chrooted (jailed) session;
  • Allows user to write to files/directories it does not have permissions to;
  • Does not allow user to write to files/directories it has permissions to.


In either case (or any other), it is not fault of WinSCP. As with most client-server architectures, with all file transfer protocols, it is the server who maintain an access. WinSCP as a file transfer client allows user to do whatever the file transfer protocol supports. It is the server who must reject operations which the user does not have permissions for.

Possible reasons you might be experiencing troubles with permissions:

  • Chroot/jail: Some software that chroots/jails sessions affect console sessions only, as they operate on shell-level. When using SFTP/FTP, shell is not used at all, so SFTP/FTP sessions break the chroot/jail. An opposite may be true as well. So when you are able to chroot/jail sessions on some access points (shell, FTP or SFTP) only, you need to make sure other access points are closed, otherwise any user is able to circumvent your restrictions by using them.
  • Cygwin: Cygwin software emulates Unix environment on Windows. As part of that it pretends that the files and directories have Unix style permissions. However it may not necessarily map these permissions correctly to the permissions of the underlying file system.

See also how to chroot/jail session.

Last modified: by martin