"You do not have permission to access..." error when trying to browse SSHFS-WIN mounted drive

[cj-obrien]

WinFSP version 1.4.19049 SSHFS-WIN version 2.7.17334 Windows 10 Pro version 1809

I'm attempting to mount the home directory on my Ubuntu box with:

net use D: \\sshfs\cobrien@<Ubuntu box IP address>

This appears to succeed; the 'D' drive appears in Windows Explorer and the sshd logs on the Ubuntu box show that the SSH session was established. However, clicking on drive 'D' in Windows Explorer results in the following pop-up:

Any idea how I would go about debugging this?

[billziss-gh]

It looks like permissions for SSHFS are not set up properly for some reason. Can you try also with the latest SSHFS and WinFsp Beta and see if the problem persists?

[cj-obrien]

Tried SSHFS 3.5.19106 and WinFSP 1.5.19090 (I had an issue installing the most recent beta). Same error message.

[ham1255]

i have same problem i am not sure why its keep doing this

[ineedbots]

Maybe it is caused by a Windows Domain change? When I check the Security in the properties menu of the mounted drive in explorer, when it does work, my current user exists within the list of users. However when the permissions do not work, I do not see my current user.

[khoran]

I'm having this same problem. sshfs-win-3.5.19106-x64 and winfsp-1.5.19192 . I'm on windows 10 pro. Login to the machine is done with Azure active directory (cloud login, not quite the same as a real active directory). Don't know if that has anything to do with it. Let me know if there is anything I can check or any info I can give you. Thanks.

[ham1255]

2 months later lol still no fix for this

[khoran]

If I log in as a local Administrator, then the mount works fine, but then logging back in as an Azure Active Directory user, I get the same error as above.

If it would help you debug this, I happen to have a test-bed Azure / office365 setup that I could give you an account on, if you had a win10 machine you could join to it.

[Aristocles]

I'm having this same issue although found a workaround.

net use i: \sshfs\ec2-user@ # to mount the drive

Presumably it mounted /home/ec2-user When trying to double-click on I: I get the same error as OP. I have 'blah' directory in /home/ec2-user and I am able to navigate to it fine when I type in i:\blah in Windows Explorer address bar.

[ham1255]

Can you make steps can i need this program so baddly in my environment

[Aristocles]

I'm having this same issue although found a workaround.

net use i: \sshfs\ec2-user@ # to mount the drive

Presumably it mounted /home/ec2-user When trying to double-click on I: I get the same error as OP. I have 'blah' directory in /home/ec2-user and I am able to navigate to it fine when I type in i:\blah in Windows Explorer address bar.

Further to this, I found you could simply mount using:

net use x: \sshfs\myUsername@myDomain.com\a_folder_inside_users_homeDir

So as an example, I had a folder /home/ec2-user/myFolder. I used command

net use x: \sshfs\myUsername@myDomain.com\myFolder

[ham1255]

Then i type the password?

[Aristocles]

If you dont type the password in the net use command it'll just prompt you for it

[ham1255]

That work around didnt work for me i noticed when i installed the program on new computer it worked and saw 3 users in permission propites but on old one saw 2 and reinstalling doesnt effect anything

[ham1255]

@billziss-gh is there way to remove everything related to the program then do full reinstall?

[billziss-gh]

Just run the installer which will allow you to uninstall everything.

[ham1255]

@billziss-gh Problem still there

[RicardoBrancas]

I have four partitions on the same machine and this problem only occurs on the two that use btrfs as a filesystem. The ones using NTFS and ext4 work fine. The workaroud described above also works for me.

Edit: WinFSP 1.4.19049 sshfs-win 3.5.19106 Windows 10 Enterprise 1903

[ham1255]

That work arround didnt work for me as its permission error by windows side

[mcsjosh]

This happens to me whenever I try to access a file or directory that isn't world-readable, even if it's owned and readable by the remote user that I log in as. However, the problem only occurs when I map or access the drive from an admin Windows account. As long as I both map and access the drive from a non-admin account, I can access non-world-readable files normally.

For example, my home directory on the SSH server is:

drwx------. 8 Josh Josh 4.0K Jan 29 09:57 Josh

and it contains the following directories:

drwx------. 2 Josh Josh 4.0K Jun 19  2015 mail
drwxr-x---. 2 Josh Josh 4.0K Jan 29 09:54 test
drwxr-xr-x. 2 Josh Josh 4.0K Jan 29 09:56 test2
drwxr-xr--. 2 Josh Josh 4.0K Jan 29 09:57 test3

From Explorer on my Windows client (while logged in as an admin), I map Y: to "\\sshfs\Josh@192.168.254.41\" and enter my password when Windows prompts me for it. When I try browsing to "Y:\", I get the same error as the OP. I also get that error if I browse to "Y:\mail" or "Y:\test", but I can successfully browse to "Y:\test2" or "Y:\test3". If I change the permissions on my home directory to make it world-readable, I can then open "Y:\" itself.

I can access all of these directories fine when using a normal SSH client (WinSCP).

I'm using WinFsp 2019.3 and SSHFS-Win 2020 (x86) on Win10 Pro 1809. The SSH servers that I've tested with are CentOS 7 and Lubuntu 16.04.6 LTS, both running OpenSSH's sshd. On both servers, the home directory is on an ext4 partition.

[bersbersbers]

Thanks, @mcsjosh ! Had the same problem, chmod 777 /home/$USER fixed it.

(However, be careful if you use certificate-based SSH authentication - this may lock you out.)

A better solution: add -o umask=000 like i any of these:

"C:\Program Files\SSHFS-Win\bin\sshfs.exe" -d -o umask=000 -o ssh_command=bin/ssh.exe user@host: X:
"C:\Program Files\SSHFS-Win\bin\sshfs-win.exe" cmd -d -o umask=000 -o ssh_command=bin/ssh.exe user@host: X:
"C:\Program Files\SSHFS-Win\bin\sshfs-win.exe" svc \sshfs.k\user@host X: -d -o umask=000 -o ssh_command=bin/ssh.exe

[ineedbots]

This is still a problem...

[G7OCD]

I'm also seeing this happen with AzureAD accounts. Works fine on local accounts. Happy to help narrow the problem down if someone can start me in the right direction.

[astadmistry]

I also had this problem, I can now access the files! Try out the below code...

"C:\Program Files\SSHFS-Win\bin\sshfs-win" svc \sshfs.rk\root@HOSTNAME!PORT/.. G: -oIdentityFile=/c/Users/abc/.ssh/id_ed25519 -oallow_root -oumask=0000 -ouid=-1 -ogid=-1 -odebug

[megazet404]

Summary:

• For me, the problem happens only in Windows 10, but doesn't happen in Windows 8.
• The problem happens for directories that miss group permissions (the home directory is one of such directories). Run chmod g+rwx your_dir and you will be able to browse directory and modify files.
• Adding -o umask=000 option to sshfs.exe somehow fixes the problem.

Please, fix the problem.

[megazet404]

It looks like, when umask is not specified explicitly, then absence of permissions is taken as prohibition. For example, execute the following commands for a directory:

chown user:user dir
chmod 707 dir

After that, you have access to the directory, because you are the owner. Yes, your group has no permissions to access, but you still has access because you are allowed as the owner. But SSHFS-Win forbids you to access the directory anyway. It sees that your group has no access to the directory. It ignores the fact that you are allowed as the owner and makes the absence of permissions for your group as prohibition and doesn't allow you to access the directory.

@billziss-gh, can you check this?

[megazet404]

Should umask clear permissions bits? Or umask is prohibition bits?

What does umask=070 mean? Does it mean to forbid group access? Or does it mean to clear group access (but you still may have access if you are owner)?

[bersbersbers]

@megazet404 not sure if this helps, but this is some code where umask and the likes are used, in particular

stbuf.st_mode = (stbuf.st_mode & 0170000) | (0777 & ~f->umask).

~ being negation (right?), it seems the masks set prohibition.

https://github.com/billziss-gh/winfsp/blob/b87c907af8aa98867c55088c86e00f0b24a4a942/src/dll/fuse/fuse_intf.c#L388-L389

https://github.com/billziss-gh/winfsp/blob/b87c907af8aa98867c55088c86e00f0b24a4a942/src/dll/fuse/fuse_intf.c#L807-L823