Although SFTP is an easy-to-use and secure file transfer protocol, many people often face one of the most infamous SFTP errors, the "SFTP permission denied."

As the error output reads, this error is due to the lack of permissions to access a file or directory. Generally, you would still have access to the SFTP server via SSH, but you won't be able to change a specific file or directory. Another similar error message is the "SFTP permission denied (public key)," where you won't even be able to access the server via SFTP or SSH.

In this post, we'll go through the two cases. First, we'll learn to check and update the user/group file/folder permissions, and second, we'll figure out why we are getting authentication/access permission denied due to the public key.

To illustrate a clearer picture of the "sftp permission denied" error scenario, we'll use an AWS EC2, Ubuntu (Focal-20.04-amd64-server). We will use the default user "ubuntu" and add a new sftp01 user. By default, AWS doesn't grant "root" SSH access to the EC2 instances due to security best practices.

1. The "SFTP permission denied" error

Regardless of which SFTP client you use, when you SFTP into a server and try to replace, edit, delete, or overwrite a file or directory, you get an "SFTP permission denied" error message.

An example:

Cannot create remote file 'ver'.
Permission denied.
Error code: 3
Error message from server: Permission denied

In Windows, while using an SFTP client, like WinSCP or FileZilla, the message looks like this:

Error Message: SFTP permission denied

Generally, you are successfully connecting via SFTP or SSH with the same user, but you can't modify, change, or overwrite the file via SFTP. But if you cannot even connect via SFTP or SSH, you might be getting a similar error message that reads "SFTP permission denied (public key)".

The reason for these error messages is generally incorrect or missing permissions. For example, you might have read, write, execute permissions on your local file (or folder), but the remote folder (or file) might not be accepting your actions (read, write, or execute).

File permissions 101

Since this error is most likely related to incorrect permissions, you'll have to figure out why you don't have the authorization to edit, change, or upload a file or directory.

  • Log in to the SFTP server using SSH and use the command "$ whoami" to see your username.
  • Suppose the user logged in to the SFTP server does not have the necessary permissions (such as read command, "ls") to a specific directory or file. In that case, you'll get a message similar to: "ls: cannot open directory '/root': Permission denied".

For security reasons, some cloud providers like AWS separate root access from other users. In this case, my "ubuntu" user does not have access to the root user's folder. This is simply because both users belong to different groups with different permissions.

  • Use "$ ls -l" to get a long detailed list of files, directories, and permissions. This command will help you see whether your user (inside a group) has the correct permissions to a file. The below screenshot shows the output of this command.

Output of $ls -l command

  • The relevant output columns:
    • (1) – Permission level: The first character (l or d) represents a symbolic link or directory, while (-) represents a regular file. The next set of three characters (rwx, where: r=read, w=write, x=execute, and - = no permission) represents user permissions, the next three represent group permissions, and the last three characters are "others" permissions.
    • (2, 3) – User and group: The next columns (2 and 3) represent the file or directory owner and the group.
    • (4) – Name of the file, directory, or symbolic link.

So, what we can get from the output is that the file (-) "exam.txt" belongs to the user/group (ubuntu/ubuntu). As for the permission level, "-rw-rw-r--", the "user" and "group" can both read and write, while all others can only read.

  • To troubleshoot the SFTP permission denied, you'll need to determine if your "other" user belongs to the group with read and write (rw) permissions (for instance, "ubuntu" in this example).
  • Use the "$ groups" command to see the groups your current user is associated with. So, in this example, the user "ubuntu" does not belong to the "root" group, and so it does not have access to the /root folder, as initially stated. The "sudo" group is the one granting elevated privileges.
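
The checks above (whoami, ls -l, groups) can be combined into one script. This is an added example, not part of the original post: the function names perm_class, can_overwrite and can_create_in are made up for illustration, and it assumes GNU stat and id as found on the Ubuntu server used here. It goes slightly beyond the steps above by also checking the directory, because creating a remote file needs write and execute permission on the containing directory.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat and id.
# perm_class USER PATH -> prints "<class>:<rwx bits>" for the class that
# applies to USER: owner first, then group membership, otherwise "other".
perm_class() {
    user=$1; path=$2
    owner=$(stat -c '%U' "$path") || return 2
    group=$(stat -c '%G' "$path")
    mode=$(stat -c '%A' "$path")            # e.g. -rw-rw-r--
    if [ "$user" = "$owner" ]; then
        class=user;  cols=2-4
    elif id -nG "$user" | tr ' ' '\n' | grep -qxF "$group"; then
        class=group; cols=5-7
    else
        class=other; cols=8-10
    fi
    printf '%s:%s\n' "$class" "$(printf '%s' "$mode" | cut -c"$cols")"
}

# Overwriting an existing file needs the w bit on the file itself.
can_overwrite() {
    case $(perm_class "$1" "$2") in *:?w?) return 0 ;; esac
    return 1
}

# Creating, renaming or deleting an entry needs w and x on the directory.
can_create_in() {
    case $(perm_class "$1" "$2") in *:?w[xst]) return 0 ;; esac
    return 1
}
```

The result reflects only the classic mode bits shown by ls -l; root and POSIX ACLs are not considered.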

Solutions: How to fix the SFTP permission denied?

So now that we know how to check users, groups, and their file/folder permissions, let's solve the "SFTP permission denied" error. Bear in mind that the majority of commands here require higher privilege to execute.

The command (ls -l) is handy to let you see the permissions of the target directory or file. If the file or directory belongs to another user or group, or it does not allow writing (for instance, drwxr-xr-x) for the group and other users, you'll need to grant the correct set of permissions.

Solution 1. Assign the user without permission to a group with permissions to the file or directory

Use the (ls -l) command to see the owner and group a file belongs to. If it belongs to a different group your user does not belong to, you'll need to assign your user to this group.

Use the following command to assign your user to the group that has read and write (rw) permissions. After doing this, try SFTP again.

  • $ sudo usermod -a -G [target group] $USER

Solution 2. Use the (chown) command to change ownership of the single file or directory

Rather than assign a new group to your user, you can change the ownership of a file or directory. For example, let's say the "sftp01" user gets an SFTP permission denied every time it wants to edit or overwrite the "test01.txt" file. To see who owns this specific file, go to the folder where you are getting the sftp permission denied and do a (ls -l), and then use (chown) to change the ownership.

  • $ sudo chown [user] [file]

Note: If you are working under an admin or root role, be careful not to change the entire ownership of a directory and its subdirectories with -R recursive ownership, as this can affect access and authentication to the SFTP server (we'll get to this later on).

Solution 3. Grant the appropriate permission

Use the "chmod" command to change the file or directory permissions. The suggested permission levels when using the chmod are 755 for file and 644 for directory permission.

  • chmod 755: Read and execute access for everyone. Read, write, and execute access for the owner of the file. For example, when you do a "$ chmod 755 examplefile", you allow everyone to read and execute the file, while only the owner is entitled to read, write, and execute the file.
  • chmod 777: Use the chmod 777 (-rwxrwxrwx) if you want to allow everyone, including the owner, group, and others, to read, write, and execute. Granting this level of "openness" is not a good security practice, but you can use it for testing purposes.
  • chmod 644: The user (or owner) can read, write but can't execute. The group and others can read but can't write and execute. This command is suggested for directories.

The "$ sudo chmod 775 [filename]" command will change the permission structure of the file. As mentioned above, with (-rwxrwxr-x) (775), the file will be readable and executable by everyone (r-x) "others".

Use Recursive to add permission to subdirectories as well

You can use the "sudo chmod -R [mode] [file or directory]". The [-R] changes files and directories recursively, so use this with care. It allows the user to read, write, or execute all sub-directories and files.

Solution 4. Permission denied due to failed authentication

Another variation of the SFTP permission denied is due to authentication. You can't even access your SFTP server from the SFTP client. If you get the "Permission denied (public key)," you won't be able to access and authenticate to the server via SSH.

To solve this issue, try the following:

  • Check your username: You might be using the incorrect username but the correct public key, and thus get the permission denied error. Check whether you are using the correct username in your SFTP client. But still, if the username is right but is not authorized to use the key, you'll also get permission denied (public key).
  • Permissions at the server are wrong: This is because the permission to the files under the home directory changed. Users might be locked out if the "authorized_keys" (under /.ssh/authorized_keys, for Linux Ubuntu) file permission or ownership changed. An admin has to log in with root access or connect via the serial console to adjust the home directory file permissions. As mentioned earlier, applying "chmod -R" incorrectly can affect all home directory subdirectories, including .ssh and authorized_keys files.
  • Check the SSH public key (.pub) on the local computer: Make sure you are using the right public key in the authorized_keys file. To add a new public key to an SFTP client with FileZilla, go to Settings > Connection > SFTP > click on "Add key file…" Browse through your local files and import the right key.
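
The lockout described in the second item can be confirmed before touching any permissions. This is an added example, not part of the original post: audit_ssh_perms is a made-up function name, the /home/USER paths in the comments are placeholders, and it assumes GNU stat and an sshd running with its default StrictModes setting.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat.
# audit_ssh_perms HOME_DIR [USER]
# Applies the ownership/mode test that sshd's StrictModes (default "yes")
# applies to the home directory, ~/.ssh and ~/.ssh/authorized_keys: each
# must be owned by the user or root and not writable by group or others.
# Prints one line per path; returns 0 if all pass, 1 otherwise.
audit_ssh_perms() {
    home=$1
    user=${2:-$(stat -c '%U' "$home")}
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; rc=1; continue
        fi
        owner=$(stat -c '%U' "$p")
        mode=$(stat -c '%a' "$p")            # octal, e.g. 700
        if [ "$owner" != "$user" ] && [ "$owner" != root ]; then
            echo "BAD-OWNER $p (owner=$owner, expected $user)"; rc=1
        elif [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  $p (mode=$mode, group/other write set)"; rc=1
        else
            echo "OK        $p (owner=$owner, mode=$mode)"
        fi
    done
    return $rc
}

# Conventional repair, run as root or from the serial console:
#   chmod go-w  /home/USER
#   chmod 700   /home/USER/.ssh
#   chmod 600   /home/USER/.ssh/authorized_keys
#   chown -R USER:USER /home/USER/.ssh
```

A recursive "chmod -R 775" on the home directory makes all three paths report WRITABLE, which is the state in which key authentication is refused.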

Configuring permissions with alternative SFTP server tools

1. SolarWinds SFTP/SCP Server – FREE TOOL

The SolarWinds SFTP/SCP server is a free tool for reliable and secure file transfers. It is easy to use, light and runs as a Windows service. In addition, it provides advanced SFTP features such as concurrent transfers from multiple devices or limiting access by authorizing a specific IP or range of IPs.

This tool pushes OS images, configuration files, updates, backup files, or transfer files up to 4GB. In addition, this SFTP server provides basic authentication access to the server and only allows one folder for all users.

Website Link: https://www.solarwinds.com/free-tools/free-sftp-server

2. SolarWinds Serv-U FTP/MFT Server – FREE TRIAL

The SolarWinds Serv-U FTP/MFT Server is a more advanced SFTP server that lets you handle large and multiple file transfers. It supports up to 250 users, 100 concurrent sessions, up to 3 domains and allows fine-grained access control over those resources.

With Serv-U, you can easily change and update user and folder access and permissions. In addition, it provides directory access rule-based control that allows you to change permissions on files and directories.

Website Link: https://www.solarwinds.com/serv-u-managed-file-transfer-server

Final Words

The "SFTP permission denied" error message occurs when your SFTP server doesn't allow your user (inside a group) to change or overwrite a file or directory. To solve this, you'll have to SSH into the SFTP server, find the file/directory and identify its current permission mode and ownership. Then, you'll have to change the permissions as specified in this post. The second SFTP permission denied (public key) message occurs when you are logging in with an incorrect user, public key, or the user doesn't have the necessary permission to access the key file in the server.

Alternatively, you can use an SFTP server such as SolarWinds Serv-U FTP/MFT Server, which gives you more flexibility when configuring permissions. This tool will help you avoid the "SFTP permission denied" and fix it for all the SFTP users.