When using the «Folder permissions control» component together with «SFTP Server» and establishing an SFTP connection to the router, users can rename and move files and directories to which they have read-only access to any directory. They can also rename and move items to which they have no access at all if they have read access to the parent directory. Although I have not tested this, I suspect that using an SSH connection via the terminal, it is possible to move and rename not only visible items, but also those located in directories to which users do not have read access. Most likely, the SFTP server does not check for access to move and rename items at all.
This bug appeared in all the applications I used for testing. The only application that worked correctly with an SFTP connection and did not allow moving and renaming items was FileZilla (Windows 11). Why does everything work correctly only in this application? The SFTP server sends the correct access attributes to the file system elements, which are displayed in the FileZilla application. Most likely, only this application takes these access attributes into account and does not even attempt to rename or move files, while all other applications simply ignore the access attributes and perform the operation.
When using the SMB protocol, all permissions work correctly in all applications.
Despite the fact that v3.5.10 is the latest stable version for the router, and I installed the latest «delta» version, I don't think this bug only affects this router. I didn't check for the bug in v3.5.10 because I'm completely satisfied with v4.3.6.2. Everything suits me, except for this bug. Although I have the option to install version v5.* for this router, I have not seen any mention in the «Changelog» section of this forum that this bug has been fixed, so I am in no hurry to change the operating system version.
You can post now and register later.
If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.
Question
superuser
When using the «Folder permissions control» component together with «SFTP Server» and establishing an SFTP connection to the router, users can rename and move files and directories to which they have read-only access to any directory. They can also rename and move items to which they have no access at all if they have read access to the parent directory. Although I have not tested this, I suspect that using an SSH connection via the terminal, it is possible to move and rename not only visible items, but also those located in directories to which users do not have read access. Most likely, the SFTP server does not check for access to move and rename items at all.
This bug appeared in all the applications I used for testing. The only application that worked correctly with an SFTP connection and did not allow moving and renaming items was FileZilla (Windows 11). Why does everything work correctly only in this application? The SFTP server sends the correct access attributes to the file system elements, which are displayed in the FileZilla application. Most likely, only this application takes these access attributes into account and does not even attempt to rename or move files, while all other applications simply ignore the access attributes and perform the operation.
When using the SMB protocol, all permissions work correctly in all applications.
Here is what I used for the tests:
Despite the fact that v3.5.10 is the latest stable version for the router, and I installed the latest «delta» version, I don't think this bug only affects this router. I didn't check for the bug in v3.5.10 because I'm completely satisfied with v4.3.6.2. Everything suits me, except for this bug. Although I have the option to install version v5.* for this router, I have not seen any mention in the «Changelog» section of this forum that this bug has been fixed, so I am in no hurry to change the operating system version.
Edited by superuser0 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.