Curl Curl: (9) Upload Failed: Permission Denied (3/-31)

Although SFTP is an easy-to-apply and secure file transfer protocol, many people oft face one of the most infamous SFTP errors, the "SFTP permission denied."

As the error output reads, this issue is due to the lack of permissions to access a file or directory. Generally, you lot would still have access to the SFTP server via SSH, only you won't be able to modify a specific file or directory. Another similar error message is the "SFTP permission denied (public key)," where you won't even be able to access the server via SFTP or SSH.

In this post, we'll go through the two cases. First, we'll learn to check and update the user/group file/folder permissions, and second, we'll figure out why we are getting authentication/access permission denied due to the public key.

To illustrate a clearer picture of the "sftp permission denied" error scenario, nosotros'll use an AWS EC2, Ubuntu (Focal-20.04-amd64-server). Nosotros will utilise the default user "ubuntu" and add a new sftp01 user. Past default, AWS doesn't grant "root" SSH access to the EC2 instances due to security'due south all-time practices.

1. The "SFTP permission denied" error

Regardless of which SFTP client you lot utilise, when you SFTP into a server and try to supercede, edit, delete, or overwrite a file or directory, y'all become "an SFTP permission denied" error message.

An example:

Cannot create remote file 'ver'.

Permission denied.

Error code: iii

Error message from server: Permission denied

In Windows, while using an SFTP client, like WinSCP or FileZilla, the message looks like this:

Generally, you are successfully connecting via SFTP or SSH with the aforementioned user, simply you lot tin't change, alter, or overwrite the file via SFTP. Only if you cannot fifty-fifty connect via SFTP or SSH, you might be getting a like error message that reads "SFTP permission denied (public cardinal)".

The reason for these error messages is generally due to wrong or lack of permissions. For instance, you might have read, write, execute permissions on your local file (or folder), but the remote folder (or file) might not be accepting your actions (read, write, or execute).

File permissions 101

Since this fault is most probable related to incorrect permissions, you'll have to figure out why you don't take the say-so to edit, change, or upload a file or directory.

• Log in to the SFTP server using SSH and use the control "$ whoami" to run across your username.
• Suppose the user logged in to the SFTP server does not have the necessary permissions (such as read control, "ls") to a specific directory or file. In that case, you'll get a message like: "ls: cannot open up directory '/root': Permission denied".

For security reasons, some cloud providers like AWS separate root access from other users. In this case, my "ubuntu" user does not have access to the root user's folder. This is but considering both users belong to dissimilar groups with dissimilar permissions.

• Apply "$ls -l" to become a long detailed listing of files, directories, and permissions. This command will aid y'all see whether your user (within a group) has the correct permissions to a file. The below screenshot shows the output of this control.

• The relevant output columns:
  • (ane)-Permission level The first character, (50 or d), represents a symbolic link or directory, while (-) represents a regular file. The next prepare of three characters (rwx, where: r=read, west=write, x=execute, and – = no permission) represent user permissions, the next three represent grouping permissions, and the last 3 characters are "others" permissions.
  • (2, 3)-User and group The next column (2 and 3) represents the file or directory owner and the grouping.
  • (iv) – Proper name of the file, directory, or symbolic link.

And so, what we tin get from the output is that the file (-) "exam.txt" belongs to the user/group (ubuntu/ubuntu). As for the permission level, "-rw-rw-r—" the "user" and "group" can both read and write, while all others tin merely read.

• To troubleshoot the SFTP permission denied, you'll need to determine if your "other" user belongs to the grouping with read and write (rw) permissions (for instance, "ubuntu" in this case).
• Use the "$ groups" control to run into the grouping your electric current user is associated with. Then, in this case, the user "ubuntu" does not vest to the "root" grouping, and so it does not have access to /root binder, every bit initially stated. The "sudo" group is the one granting elevated privileges.

Solutions: How to fix the SFTP permission denied?

So now that we know how to check users, groups, and their file/folder permissions, permit'due south solve the "SFTP permission denied" error. Deport in mind that the majority of commands hither crave higher privilege to execute.

The control (ls -l) is handy to let you see the permissions of the target directory or file. If the file or directory belongs to another user, group or information technology does non let either writing (for example, drwxr-xr-10) for the grouping and other users, you lot'll need to grant the correct fix of permissions.

Solution 1. Assign the user without permission to a group with permissions to the file or directory

Use the (ls- 50) control to run into the owner and group a file belongs to. If it belongs to a different group your user does not belong to, you lot'll need to assign your user to this group.

Use the following command to assign your user to the grouping permission instead of reading and writing (rw). After doing this, try SFTP once again.

• $ sudo usermod -a -G [target grouping] $USER

Solution 2. Use the (chown) command to modify ownership of the unmarried file or directory

Rather than assign a new group to your user, you lot can alter the buying of a file or directory. For example, permit's say the "sftp01" user gets an SFTP permission denied every time it wants to edit or overwrite the "test01.txt" file. To see who owns this specific file, go to the binder where you are getting the sftp permission denied and do a (ls -l), then use (chown) to change the ownership.

• $ sudo chown [user] [file]

NOTE: If you are working nether an admin or root role, exist careful not to change the unabridged ownership of a directory and subdirectory with -R recursive ownership, as this tin can affect access and authentication to the SFTP server (we'll get to this afterwards).

Solution 3. Grant the appropriate permission

Apply the "chmod" control to modify the file or directory permissions. The suggested permission levels when using the chmod are 755 for file and 644 for directory permission.

• chmod 755: Read and execute access for everyone. Read, write, and execute admission for the owner of the file. For example, when y'all do a "$chmod 755 examplefile", y'all allow everyone to read and perform the file, while just the owner is entitled to read, write, and execute the file.
• chmod 777: Use the chmod 777 (-rwxrwxrwx) if you want to allow everyone, including the owner, group, and others, to read, write, and execute. Granting this level of "openness" is not a adept security practice, but y'all can use information technology for testing purposes.
• chmod 644: The user (or possessor) can read, write simply tin't execute. The group and others tin can read but can't write and execute. This command is suggested for directories.

The "$sudo chmod 775 [filename]" command will change the permission construction of the file. As mentioned above, with (-rwxrwxr-ten) (775), the file will exist readable and executable by everyone (r-10) "others".

Use Recursive to add permission subdirectories as well

You can apply the "sudo chmod -R [mode] [file or directory]". The [-R] changes files and directories recursively, so use this with care.  It allowss the user to read, write, or execute to all sub-directories and files.

Solution four. Permission denied due to failed hallmark

Another variation for the SFTP permission denied is due to authentication. You tin can't even access your SFTP server from the SFTP customer. If you lot get the "Permission denied (public key)," you lot won't be able to admission and authenticate to the server via SSH.

To solve this issue, attempt the following:

• Check your username You might be using the incorrect username, but correct public key and thus become the permission denied mistake. Cheque whether you are using the correct username in your SFTP client. But withal, if the username is correct but is non authorized to use the key, you'll also get permission denied (public central).
• Permissions at the server are incorrect This is considering the permission to the files under the habitation directory changed. Users might be locked out if the "authorized_keys" (under /.ssh/authorized_keys, for Linux Ubuntu) file permission or buying changed. An admin has to log in with root admission or connect via the serial console to suit the domicile directory file permissions. Equally mentioned earlier, applying "chmod -R" incorrectly tin affect all home directory subdirectories, including .ssh and authorized_keys files.
• Cheque the SSH public key (.pub) on the local calculator Make sure you are using the correct public key in the authorized_keys file. To add a new public key to an SFTP client with FileZilla. Become to Settings > Connection > SFTP > click on "Add together key file…" Browse through your local files and import the right key.

Configuring permissions with alternative SFTP server tools

ane. SolarWinds SFTP/SCP Server – Complimentary TOOL

The Solarwinds SFTP/SCP server is a complimentary tool for reliable and secure file transfers. It is easy to employ, light and runs as a Windows service. In addition, SFTP provides advanced SFTP features such equally concurrent transfers from multiple devices or limits access past authorizing a specific or range of IPs.

This tool pushes OS images, configuration files, updates, backup files, or transfer files up to 4GB. In add-on, this SFTP server provides primary authentication access to the server and only allows one folder for all users.

Website Link: https://world wide web.solarwinds.com/free-tools/free-sftp-server

Free Download!

2. SolarWinds Serv-U FTP/MFT Server – Complimentary TRIAL

The SolarWinds Serv-U FTP/MFT Server is a more advanced SFTP server that lets yous handle large and multiple file transfers. It supports upwardly to 250 users, 100 concurrent sessions, up to 3 domains and allows a fine-grained access control over those resources.

With Serv-U, you can easily alter and update user and folder admission and permissions. In addition, it provides a directory admission rule-based control that allows y'all to change permissions on files and directories.

Website Link: https://world wide web.solarwinds.com/serv-u-managed-file-transfer-server

Download 14-day Costless Trial!

Final Words

The "SFTP permission denied" error message occurs when your SFTP server doesn't allow your user (within a group) to modify or overwrite a file or directory. To solve this, y'all'll accept to SSH into the SFTP server, detect the file/directory and identify its current permission mode and ownership. Then, you lot'll take to change the permissions as specified in this post. The second SFTP permission denied (public cardinal) message occurs when y'all are logging with an incorrect user, public key, or the user doesn't accept the necessary permission to access the fundamental file in the server.

Alternatively, yous can employ an SFTP server such as SolarWinds Serv-U FTP/MFT Server, which gives you lot more flexibility when configuring permissions. This tool will assistance you lot avoid the "SFTP permission denied" and fix it for all the SFTP users.

williamsforgon.blogspot.com

Source: https://www.pcwdld.com/troubleshooting-sftp-permission-denied