Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > File Transfer

Reply
 
Thread Tools Display Modes
  #1  
Old 08-10-2016, 01:26 PM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 20
Filter files in VShell

Is there a configuration option to prevent certain files from being returned to the client, when it requests either a directory listing or a read.

In its simplest state, I'd like to prevent with the OS's 'hidden' attribute from showing up in the directory listing. In a slightly more complicated state, this might extend to files which match a glob pattern, e.g. *.tmp.

If not, would a feature-request for such a thing be reasonable?

I see it working at the Virtual Root level (i.e. allow this setting to be defined on the virtual root, so you could have different filters for different roots) but would take something global in the first instance.

I suppose one difficulty might be determining what to do if a write or delete operation were made to a file that existed but was hidden by this filter. Offhand, my preference would be to prevent the operation with SSH_FX_PERMISSION_DENIED or SSH_FX_WRITE_PROTECT, but you may have other ideas.
Reply With Quote
  #2  
Old 08-11-2016, 08:17 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,449
Hi jimbobmcgee,

Quote:
Is there a configuration option to prevent certain files from being returned to the client, when it requests either a directory listing or a read.
Presently, I think you could only accomplish this via OS-level permissions if, for example, you only want to prevent listing of *some* files in the user's virtual root path (or any other directories accessible to the user).

I would be glad to create a feature request, but to be sure I capture it accurately, since you seem to have a solution thought out in very specific terms... What problem(s) are you trying to solve?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 11-11-2016, 12:56 PM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 20
My apologies that I didn't get back to you regarding this -- I never got the forum notification, so missed your reply.

The issue that we are facing is not specific to VShell, but the backgound is that we run a replication tool between the filesystems of two servers running VShell and, if that replication discovers a mismatch, it renames the existing file to originalname.random.conflict and marks it with the 'hidden' and 'read-only' NTFS attributes.

Our clients' process is to enumerate all files in their root, download them for further processing, and then remove them. However, the occasional existence of these *.conflict files is interfering with this process -- either their processing incorrectly attempts to process the conflict file, or they cannot remove it due to the read-only attribute.

The workaround is to request that our clients ignore any *.conflict files that they find, but clients are always reticent to make such changes to their processes and we regularly have to field support calls that remind them of this. It would be better if they never saw these files during their enumeration, so never attempted to process/remove them.

An elegant approach to solving this would be to filter the view of the filesystem, so that *.conflict files were never displayed. I don't know of many options for doing this at the operating system level on Windows, bar ensuring that they are archived very quickly (i.e. out-of-band). However, these files are marked with the NTFS 'hidden' attribute and are always named in the same way.

Ultimately, we are in the process of migrating to a new replication tool, which does its conflict resolution differently, so there is no rush for a solution to this issue but, since we regularly use VShell to provide a client-facing interface, and virtual roots provide a more-configurable abstraction over the underlying filesystem, I thought this might be a nice feature for VShell to have.

The simplest feature request would be for a checkbox on the virtual root configuration which, when checked, forced any SFTP/FTPS directory listing operation within that root to honour the 'hidden' attribute of NTFS, so that files marked as 'hidden' could never form part of the listing.

A more-complex feature request would be for a multiple-entry field table on the virtual root configuration, where each entry could have a 'pattern' field (e.g. '*.tmp') and an 'allow/deny' toggle. The combination of these entries would describe a filter for files that were allowed or disallowed from being returned in a directory listing.

To minimise complications and collisions, the feature would also have to handle the events that a client might attempt to download, upload or delete a file that exists on the underlying filesystem but is filtered by the feature. The end-user should not be able to directly download a file that has been filtered, nor should they be able to create/modify/delete a file that would match the filter.

To maintain client compatibility, I expect this would have to be prevented by returning whatever error response is appropriate -- in FTP(S) this is probably '550' or '553', but in SFTP I think it is more complicated. It might be as simple as just using the generic SSH_FX_FAILURE code for any attempt to do something to a filtered file but, if you were looking for more meaningful messages, you might need to choose a more operation-appropriate message, such as SSH_FX_NO_SUCH_FILE for download and/or delete, SSH_FX_PERMISSION_DENIED or SSH_FX_WRITE_PROTECT for upload or create-directory, and SSH_FX_NO_SUCH_PATH if any of the intermediary directories in the given path were excluded by the filter -- I would have to defer to your protocol experts in this regard.

Last edited by jimbobmcgee; 11-11-2016 at 01:03 PM.
Reply With Quote
  #4  
Old 11-11-2016, 02:20 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,449
Hi jimbobmcgee,

Thanks for the comprehensive explanation.

I have added your contact information to the following feature requests in our product enhancement database:
  • Option for VShell not to show hidden files

  • Add ability to restrict file transfers (or list) by file type, extension or direction
Should a future release of VShell include either feature, you will be contacted.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 09:29 PM.