Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Couldn't fsetstat - permission denied errors with sftp-deploy

Josh W.
Josh W.
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 16, 2019

I'm using the atlassian/sftp-deploy pipe in Bitbucket Pipelines, and my deployments keep showing as failed as a result of several fsetstat and setstat permission denied errors.

Note: I already added the necessary permissions recursively on the whole directory so that all of the files successfully transfer. All the files are there and everything seems to work on the server after multiple deployments, but they are still showing as failing.

Here's an example:

Couldn't setstat on "/foo/bar": Permission denied
Couldn't fsetstat: Permission denied
Couldn't fsetstat: Permission denied
Couldn't fsetstat: Permission denied

  1. What are these fsetstat and setstat commands trying to do and why?
  2. What changes are necessary on my Ubuntu server in order to prevent these errors?

 

Answer
Watch
Like Be the first to like this
9343 views

1 answer

0 votes
Alexander Zhukov
Alexander Zhukov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 19, 2019

Hi @Josh W. . setstat/fsetstat are basically trying to update the attributes of the remote files, such as read/write permissions etc. One possible reason you get this errors is that your sftp-server could be configured to prevent using this commands. For example, this SO answer is an example blacklisting such operations. You might need to do the opposite. I suggest inspecting your sshd_config file and check if fsetstat/setstat are blacklisted. Additionally, you might explicitly white-list them (note the lower-case "p" is used):

Subsystem sftp internal-sftp -p setstat,fsetstat

 Here are also a couple of useful links for reference:

 

Let me know if this helps

View More Comments
Josh W.
Josh W.
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 24, 2019

Unfortunately that didn't work. setstat and fsetstat are not blacklisted. 

I have an SFTP "jail" on a match group in the sshd_config, so the flags needed to be used with

ForceCommand internal-sftp

I tried using 

ForceCommand internal-sftp -p setstat,fsetstat

And this actually breaks the SFTP account entirely so that it no longer can connect. Looking at the docs, this is because the -p denies all other commands than the ones that are whitelisted:

All request types that are not on the whitelist will be logged and replied to with a failure message. [src]

As a test, I tried changing the flag use all commands (returned from the command /usr/lib/openssh/sftp-server -Q requests)

ForceCommand internal-sftp -p open,close,read,write,lstat,fstat,setstat,fsetstat,opendir,readdir,remove,mkdir,rmdir,realpath,stat,rename,readlink,symlink,posix-rename,statvfs,fstatvfs,hardlink,fsync

That didn't fix the issue and it was back to square one with the setstat and fsetstat errors in the pipeline log. So setstat and fsetstat appear to be enabled? Not sure what else it could be.

Like
Gabriel Gaitan
Gabriel Gaitan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 8, 2020

Hello

I had the same issue. So, I changed the directory owner on my server. The new owner is the same ssh user for bitbucket.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events