Topic "Hidden root folder, cannot descend to subfolders"

Author Message
itias

Guest


Hi Martin,

Looks like WinSCP needs to be able to read/list the root (/) directory on the server before it can navigate downward to a subordinate directory in the tree where the user-specific permissions exist. In a situation like ours, where there is a security requirement of keeping all of the other existing directories invisible to users, other than those in which the user has permissions, this cannot work properly with the way the WinSCP client application behaves.
WS_FTP Pro, Filezilla, and even command line PSFTP do not operate this way and as such they work OK. Is there a hidden option somewhere or are you planning to include descending to remote directory without listing the root folder in one of the next WinSCP versions?

Regards

Greg
martin
Site Admin
Joined: 2002-12-10
Posts: 24991
Location: Prague, Czechia
I do not see why it should not work with WinSCP. Please explain what the actual problem is.
_________________
Martin Prikryl
itias

Guest


The problem is that our FTP server is set up in such a way that FTP's root directory is not visible to all users, only the subdirectories. So let's say our structure is the following:
/+
|-subdir1
|-subdir2
.
.
|-subdir9

When connecting to the FTP server you cannot access the / folder, but all subdirs are accessible when using FileZilla and WS_FTP Pro, but not when using WinSCP.
It seems that your tool issues a LIST command for / before actually changing dir to one of the subdirectories.
martin
You have just repeated your first post. But I need you to explain to me what happens that prevents you from accessing the subfolders. Any error message?
_________________
Martin Prikryl
Guest




Hi Martin,

Sorry I just thought I made myself not very clear in my first post. I have the log from client side and I will ask our infrastructure team to provide logs from server side as well. The actual error message was:

Error changing directory to '/temp_use'.
No such file or directory.
Error code: 2
Error message from server (en): File not found
Request code: 7

Client log:
. 2010-08-11 11:38:33.531 --------------------------------------------------------------------------
. 2010-08-11 11:38:33.531 WinSCP Version 4.2.7 (Build 758) (OS 5.1.2600 Service Pack 2)
. 2010-08-11 11:38:33.531 Login time: Wednesday, August 11, 2010 11:38:33 AM
. 2010-08-11 11:38:33.531 --------------------------------------------------------------------------
. 2010-08-11 11:38:33.531 Session name: stest001@xxxx.xxxx.xxxx
. 2010-08-11 11:38:33.531 Host name: xxxx.xxxx.xxxxm (Port: 22)
. 2010-08-11 11:38:33.531 User name: stest001 (Password: No, Key file: No)
. 2010-08-11 11:38:33.531 Tunnel: No
. 2010-08-11 11:38:33.531 Transfer Protocol: SFTP (SCP)
. 2010-08-11 11:38:33.531 Ping type: -, Ping interval: 30 sec; Timeout: 15 sec
. 2010-08-11 11:38:33.531 Proxy: none
. 2010-08-11 11:38:33.531 SSH protocol version: 2; Compression: No
. 2010-08-11 11:38:33.531 Bypass authentication: No
. 2010-08-11 11:38:33.531 Try agent: Yes; Agent forwarding: No; TIS/CryptoCard: No; KI: Yes; GSSAPI: No
. 2010-08-11 11:38:33.531 Ciphers: aes,blowfish,3des,WARN,arcfour,des; Ssh2DES: No
. 2010-08-11 11:38:33.531 SSH Bugs: -,-,-,-,-,-,-,-,-
. 2010-08-11 11:38:33.531 SFTP Bugs: -,-
. 2010-08-11 11:38:33.531 Return code variable: Autodetect; Lookup user groups: Yes
. 2010-08-11 11:38:33.531 Shell: default, EOL: 0
. 2010-08-11 11:38:33.531 Clear aliases: Yes, Unset nat.vars: Yes, Resolve symlinks: Yes
. 2010-08-11 11:38:33.531 LS: ls -la, Ign LS warn: Yes, Scp1 Comp: No
. 2010-08-11 11:38:33.531 Local directory: C:\Temp, Remote directory: /temp_use, Update: No, Cache: Yes
. 2010-08-11 11:38:33.531 Cache directory changes: Yes, Permanent: Yes
. 2010-08-11 11:38:33.531 DST mode: 1
. 2010-08-11 11:38:33.531 --------------------------------------------------------------------------
. 2010-08-11 11:38:33.531 Looking up host "xxxx.xxxx.xxxx"
. 2010-08-11 11:38:33.531 Connecting to xxxx.xxxx.xxxx port 22
. 2010-08-11 11:38:33.890 Server version: SSH-2.0-1.36 sshlib: GlobalScape
. 2010-08-11 11:38:33.890 We believe remote version ignores SSH-2 maximum packet size
. 2010-08-11 11:38:33.890 Using SSH protocol version 2
. 2010-08-11 11:38:33.890 We claim version: SSH-2.0-WinSCP_release_4.2.7
. 2010-08-11 11:38:33.890 Using Diffie-Hellman with standard group "group1"
. 2010-08-11 11:38:33.890 Doing Diffie-Hellman key exchange with hash SHA-1
. 2010-08-11 11:38:34.390 Host key fingerprint is:
. 2010-08-11 11:38:34.390 ssh-dss 1024 c3:ac:25:f6:c8:01:0a:96:0a:a4:10:74:31:7f:52:d2
. 2010-08-11 11:38:34.390 Initialised Blowfish-128 CBC client->server encryption
. 2010-08-11 11:38:34.390 Initialised HMAC-SHA1 client->server MAC algorithm
. 2010-08-11 11:38:34.390 Initialised Blowfish-128 CBC server->client encryption
. 2010-08-11 11:38:34.390 Initialised HMAC-SHA1 server->client MAC algorithm
! 2010-08-11 11:38:34.859 Using username "stest001".
. 2010-08-11 11:38:35.812 Prompt (6, SSH password, , &Password: )
. 2010-08-11 11:38:42.625 Sent password
. 2010-08-11 11:38:42.796 Access granted
. 2010-08-11 11:38:42.984 Opened channel for session
. 2010-08-11 11:38:43.500 Started a shell/command
. 2010-08-11 11:38:43.500 --------------------------------------------------------------------------
. 2010-08-11 11:38:43.500 Using SFTP protocol.
. 2010-08-11 11:38:43.500 Doing startup conversation with host.
> 2010-08-11 11:38:43.500 Type: SSH_FXP_INIT, Size: 5, Number: -1
< 2010-08-11 11:38:43.671 Type: SSH_FXP_VERSION, Size: 5, Number: -1
. 2010-08-11 11:38:43.671 SFTP version 3 negotiated.
. 2010-08-11 11:38:43.671 We believe the server has signed timestamps bug
. 2010-08-11 11:38:43.671 We will use UTF-8 strings for status messages only
. 2010-08-11 11:38:43.671 Changing directory to "/temp_use".
. 2010-08-11 11:38:43.671 Getting real path for '/temp_use'
> 2010-08-11 11:38:43.671 Type: SSH_FXP_REALPATH, Size: 18, Number: 16
< 2010-08-11 11:38:43.843 Type: SSH_FXP_NAME, Size: 39, Number: 16
. 2010-08-11 11:38:43.843 Real path is '/temp_use'
. 2010-08-11 11:38:43.843 Trying to open directory "/temp_use".
> 2010-08-11 11:38:43.843 Type: SSH_FXP_LSTAT, Size: 18, Number: 263
< 2010-08-11 11:38:44.031 Type: SSH_FXP_STATUS, Size: 33, Number: 263
< 2010-08-11 11:38:44.031 Status code: 2, Message: 263, Server: File not found, Language: en
* 2010-08-11 11:38:44.031 (ECommand) Error changing directory to '/temp_use'.
* 2010-08-11 11:38:44.031 No such file or directory.
* 2010-08-11 11:38:44.031 Error code: 2
* 2010-08-11 11:38:44.031 Error message from server (en): File not found
* 2010-08-11 11:38:44.031 Request code: 7
. 2010-08-11 11:38:45.484 Getting current directory name.
. 2010-08-11 11:38:45.484 Getting real path for '.'
> 2010-08-11 11:38:45.484 Type: SSH_FXP_REALPATH, Size: 10, Number: 528
< 2010-08-11 11:38:45.656 Type: SSH_FXP_NAME, Size: 23, Number: 528
. 2010-08-11 11:38:45.656 Real path is '/'
. 2010-08-11 11:38:45.656 Listing directory "/".
> 2010-08-11 11:38:45.656 Type: SSH_FXP_OPENDIR, Size: 10, Number: 779
< 2010-08-11 11:38:45.828 Type: SSH_FXP_HANDLE, Size: 10, Number: 779
> 2010-08-11 11:38:45.828 Type: SSH_FXP_READDIR, Size: 10, Number: 1036
< 2010-08-11 11:38:46.000 Type: SSH_FXP_STATUS, Size: 22, Number: 1036
< 2010-08-11 11:38:46.000 Status code: 1
. 2010-08-11 11:38:46.000 Listing file "/..".
> 2010-08-11 11:38:46.000 Type: SSH_FXP_LSTAT, Size: 12, Number: 1287
< 2010-08-11 11:38:46.171 Type: SSH_FXP_STATUS, Size: 33, Number: 1287
< 2010-08-11 11:38:46.171 Status code: 2, Message: 1287, Server: File not found, Language: en
> 2010-08-11 11:38:46.171 Type: SSH_FXP_CLOSE, Size: 10, Number: 1540
* 2010-08-11 11:38:46.171 (ECommand) Error listing directory '/'.
* 2010-08-11 11:38:46.171 Server returned empty listing for directory '/'.
. 2010-08-11 11:38:47.578 Startup conversation with host finished.
. 2010-08-11 11:39:34.843 Closing connection.
. 2010-08-11 11:39:34.843 Sending special code: 12
. 2010-08-11 11:39:34.843 Sent EOF message
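Added example, not part of the original post and not WinSCP code: a small Python parser that pairs each SFTP request in a WinSCP session log with the server's SSH_FXP_STATUS reply, run on an excerpt of the log above. It shows the server answering LSTAT on /temp_use with "no such file" rather than "permission denied", and ending the listing of / immediately with EOF. The function name and the log-line regexes are assumptions derived from the lines shown in this post.

```python
import re

# SFTP version 3 status codes (the session in the log negotiated version 3)
SFTP_STATUS = {0: "SSH_FX_OK", 1: "SSH_FX_EOF", 2: "SSH_FX_NO_SUCH_FILE",
               3: "SSH_FX_PERMISSION_DENIED", 4: "SSH_FX_FAILURE"}

# Assumed line layout: marker, timestamp, message (as seen in the posted log)
LINE = re.compile(r"^([.<>*!]) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (.*)$")
PACKET = re.compile(r"Type: (SSH_FXP_\w+), Size: \d+, Number: (-?\d+)")
STATUS = re.compile(r"Status code: (\d+)")

# Excerpt of the client log posted above
SAMPLE_LOG = """\
. 2010-08-11 11:38:43.843 Trying to open directory "/temp_use".
> 2010-08-11 11:38:43.843 Type: SSH_FXP_LSTAT, Size: 18, Number: 263
< 2010-08-11 11:38:44.031 Type: SSH_FXP_STATUS, Size: 33, Number: 263
< 2010-08-11 11:38:44.031 Status code: 2, Message: 263, Server: File not found, Language: en
. 2010-08-11 11:38:45.656 Listing directory "/".
> 2010-08-11 11:38:45.656 Type: SSH_FXP_OPENDIR, Size: 10, Number: 779
< 2010-08-11 11:38:45.828 Type: SSH_FXP_HANDLE, Size: 10, Number: 779
> 2010-08-11 11:38:45.828 Type: SSH_FXP_READDIR, Size: 10, Number: 1036
< 2010-08-11 11:38:46.000 Type: SSH_FXP_STATUS, Size: 22, Number: 1036
< 2010-08-11 11:38:46.000 Status code: 1
"""

def sftp_status_replies(log_text):
    """Return (request type, status name, preceding client action) for every
    SSH_FXP_STATUS reply, matched to its request by packet number."""
    pending, context, last_reply, results = {}, "", None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        kind, _, text = m.groups()
        packet, status = PACKET.search(text), STATUS.search(text)
        if kind == ".":
            context = text  # what the client says it is doing
        elif kind == ">" and packet:
            pending[packet.group(2)] = (packet.group(1), context)
        elif kind == "<" and packet:
            # the status code is logged on the line after the STATUS packet
            is_status = packet.group(1) == "SSH_FXP_STATUS"
            last_reply = packet.group(2) if is_status else None
        elif kind == "<" and status and last_reply in pending:
            req_type, ctx = pending.pop(last_reply)
            code = int(status.group(1))
            results.append((req_type, SFTP_STATUS.get(code, str(code)), ctx))
    return results

if __name__ == "__main__":
    for row in sftp_status_replies(SAMPLE_LOG):
        print(row)
```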
Guest




Unfortunately nothing interesting in the server log. Connecting and disconnecting, that's it. Is there anything else you would need from us in order to troubleshoot this issue?
martin
Thanks so far. I'm investigating it. Will get back to you soon.
_________________
Martin Prikryl
martin
I cannot test your scenario exactly, because I cannot change root directory permissions on any server I have access to. But setting 111 permissions on any other directory does not prevent me from changing to any of its readable subdirectories. Can you try whether you are having the same problem with non-root directories?
itias

Guest


Our SFTP server is not a typical Unix SFTP service. It is the GlobalScape Secure FTP v2.0.6 server application. Permissions are not set the same as they would be using chmod in Unix but rather are controlled within the SFTP server software application management tool. See the screenshots below.
Screenshot1
This is a typical user; the home folder is not defined and relies on the actual server root, which is shown in Screenshot 2.
<invalid hyperlink removed by admin>
Screenshot2
This shows the options for permissions on the server at its root level. Two groups are defined at this level, All Users with Show in list and Administrative with All Permissions.
If the checkbox List is enabled for all users then WinSCP will work but the test user can then navigate into any directory off the root and see all folders.
<invalid hyperlink removed by admin>
Screenshot3
Note the home folder is defined and treated as the root here for stest001. This method works with WinSCP, but it cannot be used for users with access to multiple folders that are one level down from the *actual* SFTP server root.
<invalid hyperlink removed by admin>

If you would like we can demonstrate in a screen sharing session with you to show the environment.
martin
May I have a test account on your server?
_________________
Martin Prikryl
Guest




Hi Martin,

Checking with our server folks if it is in DMZ so you can have access to it and also we need to get confirmation from security. Will let you know soon.

Thanks!
Guest




Hi Martin,

I would like to send you instructions and login information for accessing our server. What email address can I send it to?

Thanks

Greg
martin
You will find my email address in my forum profile, if you log in.
_________________
Martin Prikryl
itias

Guest


Martin, I sent you our FTP server details by email a few days ago, but have not received any confirmation. Have you been able to verify our findings yet?

Thanks

Greg
lord xeon

Joined: 2010-09-13
Posts: 3
I'm not sure if my problem is the same, but to me it sounds similar.

I can login to my server fine as root, user1, user2, user37... and I get sent to each user's directory. However whenever I try to navigate to / I get
"Host is not communicating for more then 15 seconds. Still waiting..."

I've just recently done a fresh install of Debian 5, and while I was still setting up the server, and transferring old config files, and stats data, I had no problem. Then seemingly out of the blue something changed and I cannot change paths.

Did I screw up permissions somewhere?
martin
itias wrote:
Martin, I sent you our FTP server details by email a few days ago, but have not received any confirmation. Have you been able to verify our findings yet?

I was away for a few days. I'll check it tonight.
_________________
Martin Prikryl
martin
lord xeon wrote:
I'm not sure if my problem is the same, but to me it sounds similar.

I can login to my server fine as root, user1, user2, user37... and I get sent to each user's directory. However whenever I try to navigate to / I get
"Host is not communicating for more then 15 seconds. Still waiting..."

I've just recently done a fresh install of Debian 5, and while I was still setting up the server, and transferring old config files, and stats data, I had no problem. Then seemingly out of the blue something changed and I cannot change paths.

Did I screw up permissions somewhere?

Please move this to a separate thread and post a full log file showing the problem.

To generate a log file, enable logging, log in to your server and do the operation and only the operation that causes the error. For posting extensive logs you may use pastebin or a similar application. Note that passwords and passphrases are not stored in the log. You may want to remove other data you consider sensitive though, such as host names, IP addresses, account names or file names (unless they are relevant to the problem). If you do not want to post the log publicly, you may email it to me. You will find my address (if you log in) in my forum profile. Please include a link back to this topic in your email. Also note in this topic that you have emailed the log.
_________________
Martin Prikryl