EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Issue deleting unauthorized folder in SSHServer

Posted: 07/08/2014 13:01:32
by wilson  (Basic support level)
Joined: 07/08/2014
Posts: 2

I'm building a customized SFTP server using the sample code from the SSHServerDemo project as a base.

Currently I have a requirement as follows:
1. Users should not be able to delete folders created manually by the administrator.
2. Users could, however, delete the files in the folder.

I understand I can stop users from deleting the folder itself by handling the OnRemove event. The issue I'm currently facing is that if the folder contains multiple files and the user attempts to delete the folder (which the server would not permit under the current requirement), the server fires the OnRemove event for the files first, before it fires the event for the folder itself. In that case it is not possible for me to distinguish whether the user is attempting to delete an individual file or the events are fired because the server is attempting to delete all files in the folder recursively.

In summary, what actually happens behind the scenes is this:
1. User attempts to delete an unauthorized folder with 3 files.
2. TElSFTPSSHSubsystemHandler fires OnRemove events for the 3 files and my event handler deletes the files (as it is a valid scenario for the user to delete files).
3. TElSFTPSSHSubsystemHandler fires the OnRemove event for the folder itself and my event handler sets the ErrorCode to insufficient permission.
4. User gets permission denied.
5. The folder itself is not deleted but the files within the folder are gone.

Is there a way for me to handle such situations? I've tried setting the TElSftpFileAttributes sticky bit for the directory to true but that doesn't seem to help.

Posted: 07/08/2014 13:12:28
by Eugene Mayevski (Team)

This is a common problem and the common answer is "no, you can't know this". This is true for any file system, be it the local filesystem of Windows or a remotely accessed filesystem.

You need to reconsider the whole case: do you have to protect the files in any non-deletable folder? If yes, then you know the paths of the files as they are deleted, and thus can prevent deletion of the files as well as the folder. If you don't have to protect the files, then why bother at all?

If you let the users delete files one by one but not all together - that's not an obstacle for the user as he can delete them one by one manually.

Sincerely yours
Eugene Mayevski

Posted: 07/08/2014 13:26:05
by wilson  (Basic support level)
Joined: 07/08/2014
Posts: 2

Thanks for your answer.

It is acceptable for the users to delete the files in the non-deletable folders.

The issue I'm having now is that if the user attempts to delete the non-deletable folder, he'd get a permission denied error message - this part is handled fine. In this case what the user would expect is that, since the folder deletion is unsuccessful, the files within the folder should also remain intact. However, by the current design, the files within the folder would be deleted for each unsuccessful folder deletion attempt.

Posted: 07/08/2014 13:28:48
by Eugene Mayevski (Team)

Most file managers including Explorer will first purge the directory (delete all files and subdirectories), then try to delete it.

What you can do is this: if files from a "protected" directory are deleted, move them away. If the file deletion operation is followed by a failing attempt to remove the protected directory itself, give the error and bring the files back to the protected directory. If the user logs off without deleting the directory, delete the files permanently. There's a risk that the user session is interrupted in the middle of the directory purge process, but there's nothing you can do in this scenario.

Sincerely yours
Eugene Mayevski
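
The move-away/restore approach suggested in the last reply, sketched as an added example that is not part of the thread and not SecureBlackbox code. It is a language-neutral Python model: `DeleteQuarantine` and its method names are hypothetical, to be called from whatever file and directory removal handlers the server exposes, and it covers only files directly inside a protected folder.

```python
import os
import shutil
import tempfile

class DeleteQuarantine:
    """Hypothetical per-session helper, called from the server's removal handlers."""
    def __init__(self, protected_dirs):
        self.protected = {os.path.realpath(d) for d in protected_dirs}
        self.staging = tempfile.mkdtemp(prefix="sftp-quarantine-")
        self.moved, self.seq = {}, 0  # moved: original path -> staged path

    def remove_file(self, path):
        real = os.path.realpath(path)
        if os.path.dirname(real) not in self.protected:
            os.remove(real)
            return True
        self.seq += 1  # unique staged name, never reused within the session
        staged = os.path.join(self.staging, str(self.seq))
        shutil.move(real, staged)  # hide the file instead of destroying it
        self.moved[real] = staged
        return True  # the client sees an ordinary successful delete

    def remove_dir(self, path):
        real = os.path.realpath(path)
        if real not in self.protected:
            os.rmdir(real)
            return True
        for orig in [p for p in self.moved if os.path.dirname(p) == real]:
            staged = self.moved.pop(orig)  # denied rmdir: undo the preceding purge
            if not os.path.exists(orig):  # keep a file re-uploaded in the meantime
                shutil.move(staged, orig)
        return False  # caller maps this to its permission-denied error code

    def close_session(self):
        shutil.rmtree(self.staging, ignore_errors=True)  # logoff: deletes become final
        self.moved.clear()

def demo():  # constructed scenario: purge, denied rmdir, one real delete, logoff
    inbox = tempfile.mkdtemp(prefix="inbox-")  # constructed protected folder
    files = [os.path.join(inbox, n) for n in "abc"]
    for f in files:
        open(f, "w").close()
    q = DeleteQuarantine([inbox])
    for f in files:
        q.remove_file(f)
    purged, allowed = os.listdir(inbox), q.remove_dir(inbox)
    restored = sorted(os.listdir(inbox))
    q.remove_file(files[0])
    q.close_session()
    return purged, allowed, restored, sorted(os.listdir(inbox))
```

Placing the staging directory on the same volume as the protected folders keeps each move a rename rather than a copy, which narrows the interrupted-session window mentioned in the reply.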




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
