Azure Allow Users to Delete from Downloads
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
By default, downloads directories are read-only because the Blob storage is intended to be the source of truth.
Unlike uploads, which are transferred to Blob storage in near real-time, the downloads directory is synced with the contents of the Blob storage by the s3sync process every few minutes. If a file is deleted from the local server, it will reappear the next time the s3sync process runs.
To allow users to delete from the downloads directory, there is one custom-configuration option: listen for file delete events on the server and call a script that deletes the same file from Blob storage.
Listen for IN_DELETE event
If you want to allow users to delete files from their downloads directory, you could add a custom entry to the root incrontab for their downloads directory to monitor for an IN_DELETE event. This could then call a custom script that will delete the file from Blob storage if it is deleted from the server. Once the file is deleted from Blob storage, it will no longer get synced back to the server. To add an incrontab entry, do the following:
Create a custom user incrontab with the command:
sudo vim /etc/incron.d/<username>.download.sftpgw.incron
This will open the incrontab in vim [1], then add this line:
/home/<username>/home/<username>/downloads IN_DELETE /opt/sftpgw/deletefromblob.sh "$#" <username>
Note: Remember to replace <username> in 3 locations.
The deletefromblob.sh script does not exist by default, but it can easily be created to call the Azure CLI to delete the file from Blob storage. Create this script with the command:
sudo vim /opt/sftpgw/deletefromblob.sh
This will open the script in vim [1]; add the following script:
#!/bin/bash
# Called from incron as: deletefromblob.sh "$#" <username>
#   $1 - name of the deleted file (incron's $# token)
#   $2 - SFTP Gateway username
LOG_FILE="/var/log/sftpgw/deletefromblob.log"
# Read a key from application.properties (not used below; kept for custom setups).
function applicationprop {
    local prefix="${1}="
    local str=$(grep "^${1}=" /opt/sftpgw/application.properties 2>/dev/null)
    echo "${str#"${prefix}"}"
}
# Read a key from sftpgateway.properties. Anchoring on "^key=" makes sure only the
# exact key matches, not a longer key that happens to contain the same text.
function sftpgwprop {
    local prefix="${1}="
    local str=$(grep "^${1}=" /opt/sftpgw/sftpgateway.properties 2>/dev/null)
    echo "${str#"${prefix}"}"
}
azure_storage_account="$(sftpgwprop 'sftpgateway.azure.storage.account-name')"
azure_storage_key="$(sftpgwprop 'sftpgateway.azure.storage.account-key')"
# This pulls the default storage location from the sftpgateway.properties file.
# If you have set a custom storage location for a user then you may have to pull the
# container from the user.properties file or hardcode it here.
container_name="$(sftpgwprop 'sftpgateway.bucketname')"
# incron backslash-escapes spaces in "$#"; strip the escapes to get the real file name.
file="${1//\\/}"
user="$2"
date=$(date '+%Y-%m-%d')
echo "${date} - Deleting file: ${file}" | sudo tee -a "${LOG_FILE}"
# Note: --account-key puts the key on the command line, where it is visible in the
# process list; az also reads it from the AZURE_STORAGE_KEY environment variable.
az storage blob delete --output json --account-name "${azure_storage_account}" --account-key "${azure_storage_key}" --container-name "${container_name}" --name "${user}/downloads/${file}" &>> "${LOG_FILE}"
# end of script
You will have to make deletefromblob.sh executable with the command:
sudo chmod +x /opt/sftpgw/deletefromblob.sh
You will then have to change the permissions of the downloads directory to allow the user to delete items from it. To do this run the commands (the full path is used so they work from any current directory):
sudo chown -R <username>:<username> /home/<username>/home/<username>/downloads
sudo chmod g+s /home/<username>/home/<username>/downloads
sudo chmod 775 /home/<username>/home/<username>/downloads
sudo setfacl -d -m g::rwx /home/<username>/home/<username>/downloads/
Note: Remember to replace <username> in multiple locations.
The commands above give the user permission to delete files. The setgid bit and the default ACL also apply to files and subfolders created later on (new entries inherit the group and group rwx permission), so the user can delete those too.
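The two fragile parts of the hook above are reading the property files and turning the name incron passes in "$#" into a blob name. The helpers below are an added example, not SFTP Gateway's own code, written to show the checks a hardened version of deletefromblob.sh would make; they assume the same key=value property files the page's script reads, and the sample properties file is constructed for the demo.

```shell
#!/bin/sh
# Added example (not SFTP Gateway's own code): hardened helpers for the
# incron delete hook. Assumes key=value property files like the ones read above.

# Exact-key lookup: anchors on "^key=" so a query for sftpgateway.bucketname
# cannot match a longer key, and drops a trailing CR from a Windows-edited file.
read_prop() {
  file="$1"; key="$2"
  line=$(grep -m1 -- "^${key}=" "$file" 2>/dev/null) || return 1
  printf '%s\n' "${line#"${key}="}" | tr -d '\r'
}

# incron delivers "$#" with spaces and other metacharacters backslash-escaped;
# strip the escapes, then refuse anything that could leave <user>/downloads/.
blob_name() {
  user="$1"
  name=$(printf '%s' "$2" | tr -d '\\')
  case "$name" in
    ''|*/*|.|..) return 1 ;;
  esac
  printf '%s/downloads/%s\n' "$user" "$name"
}

# Run the deletion with the account key in the environment az reads, not in
# argv, so the key does not appear in the process list or shell history.
delete_blob() {
  AZURE_STORAGE_ACCOUNT="$1" AZURE_STORAGE_KEY="$2" \
    az storage blob delete --output json --container-name "$3" --name "$4"
}

# Constructed sample properties file, used only to demonstrate read_prop:
# the first line is a longer key that a bare grep for the key would also match.
demo_container() {
  props=$(mktemp)
  printf 'sftpgateway.bucketname.old=stale\nsftpgateway.bucketname=sftpgw-files\r\n' > "$props"
  read_prop "$props" sftpgateway.bucketname
  rm -f "$props"
}
```

With these helpers the hook becomes: `blob=$(blob_name "$2" "$1") || exit 1`, then `delete_blob "$account" "$key" "$(read_prop /opt/sftpgw/sftpgateway.properties sftpgateway.bucketname)" "$blob"`.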
Some things to consider with this approach:
You will have to do this for each user you wish to give this functionality to.
You will also have to change the ownership of each user’s downloads directory to allow them to write and delete files from it. To do this run the command
sudo chown <username>:<username> /home/<username>/home/<username>/downloads
[1] If you are unfamiliar with the text editor vim, here is a good resource to get you started - https://learnxinyminutes.com/docs/vim/