Couldn't fsetstat - permission denied errors with sftp-deploy

I'm using the atlassian/sftp-deploy pipe in Bitbucket Pipelines, and my deployments keep showing as failed as a result of several fsetstat and setstat permission denied errors.

Note: I already added the necessary permissions recursively on the whole directory so that all of the files successfully transfer. All the files are there and everything seems to work on the server after multiple deployments, but they are still showing as failing.

Here's an example:

Couldn't setstat on "/foo/bar": Permission denied
Couldn't fsetstat: Permission denied
Couldn't fsetstat: Permission denied
Couldn't fsetstat: Permission denied

  1. What are these fsetstat and setstat commands trying to do and why?
  2. What changes are necessary on my Ubuntu server in order to prevent these errors?

 

1 answer

0 votes

Hi @Josh W. setstat/fsetstat are basically trying to update the attributes of the remote files, such as read/write permissions etc. One possible reason you get these errors is that your sftp-server could be configured to prevent using these commands. For example, this SO answer is an example of blacklisting such operations. You might need to do the opposite. I suggest inspecting your sshd_config file and checking if fsetstat/setstat are blacklisted. Additionally, you might explicitly white-list them (note the lower-case "p" is used):

Subsystem sftp internal-sftp -p setstat,fsetstat

 Here are also a couple of useful links for reference:

 

Let me know if this helps

Unfortunately that didn't work. setstat and fsetstat are not blacklisted. 

I have an SFTP "jail" on a match group in the sshd_config, so the flags needed to be used with

ForceCommand internal-sftp

I tried using 

ForceCommand internal-sftp -p setstat,fsetstat

And this actually breaks the SFTP account entirely so that it no longer can connect. Looking at the docs, this is because the -p denies all other commands than the ones that are whitelisted:

All request types that are not on the whitelist will be logged and replied to with a failure message. [src]

As a test, I tried changing the flag to use all commands (returned from the command /usr/lib/openssh/sftp-server -Q requests)

ForceCommand internal-sftp -p open,close,read,write,lstat,fstat,setstat,fsetstat,opendir,readdir,remove,mkdir,rmdir,realpath,stat,rename,readlink,symlink,posix-rename,statvfs,fstatvfs,hardlink,fsync

That didn't fix the issue and it was back to square one with the setstat and fsetstat errors in the pipeline log. So setstat and fsetstat appear to be enabled? Not sure what else it could be.

Hello

I had the same issue. So, I changed the directory owner on my server. The new owner is the same ssh user for bitbucket.
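
An added example, not part of the thread or of the sftp-deploy pipe: on the server, setstat/fsetstat requests become chmod and utimes calls, and those require that the SFTP account own the file, which fits the ownership fix in the last reply. The Python sketch below lists entries under a deploy directory that a given account can write to but does not own; `setstat_risks`, `build_sample_tree` and the uid/gid values are hypothetical names and constructed sample data.

```python
import os
import stat
import tempfile

def setstat_risks(root, uid, gids):
    """List (path, writable) for entries under root that uid does not own.

    chmod() and utimes() with explicit times, which is what SFTP
    setstat/fsetstat requests turn into on the server, need file ownership;
    write permission alone is not enough. ACLs and capabilities are ignored.
    """
    if uid == 0:  # root bypasses the ownership check
        return []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if st.st_uid == uid or stat.S_ISLNK(st.st_mode):
            continue
        # Non-owner: group bits apply if the gid matches, else "other" bits.
        bit = stat.S_IWGRP if st.st_gid in gids else stat.S_IWOTH
        findings.append((path, bool(st.st_mode & bit)))
    return findings

def build_sample_tree():
    """Constructed sample: a group-writable deploy directory with one file."""
    root = tempfile.mkdtemp(prefix="deploy-")
    target = os.path.join(root, "index.html")
    with open(target, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(root, 0o775)
    os.chmod(target, 0o664)
    return root, target

if __name__ == "__main__":
    root, _ = build_sample_tree()
    owner, group = os.lstat(root).st_uid, os.lstat(root).st_gid
    deploy_uid = owner + 1  # hypothetical SFTP account that is not the owner
    for path, writable in setstat_risks(root, deploy_uid, {group}):
        effect = "upload works, setstat denied" if writable else "no write access"
        print(f"{path}: {effect}")
```

Entries reported as writable match the symptom in the question: the transfer itself succeeds through group or world write permission, while the attribute update is refused.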
