Azure Allow Users to Delete from Downloads
By default, downloads directories are read-only because the Blob storage is intended to be the source of truth.
Unlike uploads, which are transferred to Blob storage in near real-time, the downloads directory is synced with the contents of the Blob storage by the s3sync process every few minutes. If a file is deleted from the local server, it will reappear the next time the s3sync process runs.
In order to allow users to delete from the downloads directory, there are two options:
Modify the s3sync process to make the local directory the source of truth
Listen for IN_DELETE Event and run a custom script to delete from Blob storage
Make download directory the source of truth
The s3sync command uses the /opt/sftpgw/sync.d/username.sync file to map source Blob storage folders to target server directories.
Each entry in the username.sync file is a single line and consists of 3 segments separated by semicolons.
Segment 1, is the local target directory that the Blob storage content will be synced to.
Segment 2, is the user for which the sync operation will apply to.
Segment 3, is the Blob storage source folder that the content is synced from.
If you swap segment 1 with segment 3, the server will become the source of truth. The files will still be stored on Blob storage, but to add, modify, or delete the files those operations need to be done on the server.
You can then change the permissions of the downloads directory to allow the user read-write access. To do this run the command:
sudo chown username:username /home/username/home/username/downloads/
Listen for IN_DELETE event
If you want to allow users to delete files from their downloads directory, you could add a custom entry to the root incrontab for their downloads directory to monitor for an IN_DELETE event. This could then call a custom script that will delete the file from Blob storage if it is deleted from the server. Once the file is deleted from Blob storage, it will no longer get synced back to the server. To add an incrontab entry, do the following:
Create a custom user incrontab with the command:
sudo vim /etc/incron.d/username.download.sftpgw.incron
This will open the incrontab in vim [1], then add this line:
/home/username/home/username/downloads IN_DELETE /opt/sftpgw/deletefromblob.sh $# username
The deletefromblob.sh
script does not exist currently, but can easily be created to call the Azure cli to delete the
file in the Blob storage.
Create this script with the command sudo vim /opt/sftpgw/deletefroms3.sh
[1], and add the following script:
#!/bin/bash
LOG_FILE="/var/log/sftpgw/deletefromblob.log"
function applicationprop {
local prefix="${1}="
local str=$(grep "${1}" /opt/sftpgw/application.properties 2>/dev/null)
echo ${str#${prefix}}
}
function sftpgwprop {
local prefix="${1}="
local str=$(grep "${1}" /opt/sftpgw/sftpgateway.properties 2>/dev/null)
echo ${str#${prefix}}
}
azure_storage_account="$(applicationprop 'azure.storage.account-name')"
azure_storage_key="$(applicationprop 'azure.storage.account-key')"
# This pulls the default storage location from the sftpgateway.properties file.
# If you have set a custom storage location for a user then you may have to pull the
# container from the user.properties file or hardcode it here.
container_name="$(sftpgwprop 'sftpgateway.bucketname')"
file=$1
user=$2
az storage blob delete --output json --account-name ${azure_storage_account} --account-key ${azure_storage_key} --container-name $container_name --name $user/downloads/$file &>> $LOG_FILE
# end of script
You will have to make deletefromblob.sh
executable with the command:
sudo chmod +x /opt/sftpgw/deletefromblob.sh
You will then have to change the permissions of the downloads directory to allow the user to delete items from it. To do this run the command:
sudo chown username:username /home/username/home/username/downloads/
Some things to consider with either of these approaches:
You will have to do this for each user you wish to give this functionality to.
You will also have to change the ownership of each user’s downloads directory to allow them to write and delete files from it. To do this run the command sudo chown username:username /home/username/home/username/downloads
If you are unfamiliar with the text editor vim, here is a good resource to get you started - https://learnxinyminutes.com/docs/vim/ ↩ ↩