Remove delete command from SFTP/WinSCP

Is there any way from which we can restrict any particular user to delete files/folder having full permissions from WinSCP.

Thanks in advance.


Remove the write permissions from files and folders server-side.

Alternatively you can restrict the "delete" operation on the SFTP server. See Restrict SFTP user to run only limited set of commands/action in Linux. And make sure the user has an SFTP access only.


I am fairly certain that this can't be done in the way you are hoping (via settings on the winSCP client.) This forum shows evidence of another server administrator with a similar issue. Upon asking, the winSCP site administrator informs him that this is not possible in winSCP, and tells him to focus on the server side.

As the posts suggest, in order to deny this user access, you will need to use server side settings.

One change that is extremely efficient for stopping remote clients from accessing your server (weather via openssh, winscp, or any other SSH client) is to simply close off Port 22. This is the default port for SSH traffic.

EDIT: Still not sure you have given all the relevant info. Going on the info that you have provided so far, if port 22 needs to remain open, you may need to get creative. That said, I am sure a more straight-forward solution could be given if I / we had more context.

Regardless of the method you use to restrict the user's access, you will first need to remove user's sudo privelege. remove with:

gpasswd --delete pbwriters USER

I believe your goal can be achieved server-side by using the chown and chmod commands. You are going to want to set the g= and o= options in after changing the group to which the file belongs. This line should do the trick:

# Replace DIR w/ outermost folder's name
sudo groupadd pbwriters && sudo chown -R :pbwriters DIR && sudo chmod -R 774 DIR

Now, if parentdirectory in the above command is changed to the name of the outermost directory that you want to restrict, then everything inside of that file will only be writable by those in pbwriters group. To give someone write access, you just need to add them to pbwriters group:

# Just as before, replace USER with name of user
sudo usermod -a -G pbwriters USER