Drive: "insufficientFilePermissions" when trying to `rclone delete` a file another user uploaded in a directory I shared with her, deleting it via https://drive.google.com works with no errors

What is the problem you are having with rclone?

On a Drive remote, another user uploaded a file to a directory owned by me and shared with her.

Then, I use rclone delete to try and delete that file, but rclone fails with insufficientFilePermissions errors.

I then open a browser on https://drive.google.com and browse to the directory, and use the "Remove" option on the 2nd mouse button menu to delete the file: it gets deleted with no further ado.

So it seems to me to be a bug in rclone.

Run the command 'rclone version' and share the full output of the command.

rclone v1.60.0
- os/version: ubuntu 18.04 (64 bit)
- os/kernel: 4.15.0-194-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.19.2
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Google drive (directly, not over an encrypted/union/whatever remote).

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone delete --include="PREFIX*" drive_remote:dir1/dir2

The rclone config contents with secrets removed.

[dmgd]
type = drive
client_id = REDACTED
client_secret = REDACTED
token = REDACTED
root_folder_id = REDACTED
scope = drive
team_drive = 

A log from the command with the -vv flag

2022/11/12 15:18:13 DEBUG : rclone: Version "v1.60.0" starting with parameters ["rclone" "-vv" "delete" "--include=PREFIX*" "drive_remote:dir1/dir2"]
2022/11/12 15:18:13 DEBUG : Creating backend with remote "drive_remote:dir1/dir2"
2022/11/12 15:18:13 DEBUG : Using config file from "/HOMEDIR/.rclone.conf"
2022/11/12 15:18:13 DEBUG : drive_remote: Loaded invalid token from config file - ignoring
2022/11/12 15:18:13 DEBUG : Saving config "token" in section "drive_remote" of the config file
2022/11/12 15:18:13 DEBUG : drive_remote: Saved new token in config file
2022/11/12 15:18:14 DEBUG : Waiting for deletions to finish
2022/11/12 15:18:16 DEBUG : SOME_OTHER_FILE.gpx: Excluded from sync (and deletion)
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:16 ERROR : PREFIX_FILE_TO_DELETE.gpx: Couldn't delete: googleapi: Error 403: The user does not have sufficient permissions for this file., insufficientFilePermissions
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:16 ERROR : Attempt 1/3 failed with 2 errors and: failed to delete 1 files
2022/11/12 15:18:16 DEBUG : Waiting for deletions to finish
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:18 ERROR : PREFIX_FILE_TO_DELETE.gpx: Couldn't delete: googleapi: Error 403: The user does not have sufficient permissions for this file., insufficientFilePermissions
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:18 ERROR : Attempt 2/3 failed with 2 errors and: failed to delete 1 files
2022/11/12 15:18:18 DEBUG : Waiting for deletions to finish
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:19 ERROR : PREFIX_FILE_TO_DELETE.gpx: Couldn't delete: googleapi: Error 403: The user does not have sufficient permissions for this file., insufficientFilePermissions
[... a ton of similar "Excluded from sync (and deletion)" lines ...]
2022/11/12 15:18:19 ERROR : Attempt 3/3 failed with 2 errors and: failed to delete 1 files
2022/11/12 15:18:19 DEBUG : 8 go routines active
2022/11/12 15:18:19 Failed to delete with 2 errors: last error was: failed to delete 1 files

Further comments and details

  • The user uploaded the file using the Drive app installed in her Android phone.

  • The issue is 100% reproducible here.

  • The issue also happens with rclone version 1.59.0.

Please let me know if anything else is needed.

I searched to see if this was a known bug at Issues · rclone/rclone · GitHub, but there was nothing quite like it -- please let me know if an issue should be opened and I will do it.

Thanks in advance,
-- Durval.

Is it a team drive? Did you check the permissions on the file?

Nope, standard drive.

Yep, I'm listed under "Who has access" on the file's properties. Also, if it was a real permission issue, I would not be able to delete it under Drive's 'WebGUI' (ie, via browser at https://drive.google.com/), right?

Cheers,
-- Durval.

So it’s your drive or someone else’s? A file is shared with you? Can you explain how to create the issue?

I thought I had it sufficiently explained above, sorry about that. Here's a step-by-step detailed procedure to reproduce the issue:

  1. User 1 creates a directory D in his GoogleDrive account using the WebGUI;
  2. User 1 shares the directory D with User 2;
  3. User 2 uploads a file F to directory D (using the app from an Android phone);
  4. User 1 creates a rclone remote to his GoogleDrive account;
  5. User 1 tries to use rclone delete to remove file F-> Error, as detailed in my initial post
  6. User 1 tries to use the WebGUI to remove file F -> OK, as detailed in my initial post

I hope it's now sufficiently detailed for you, if not please let me know how I can improve and it will be my pleasure to comply.

Thanks,
-- Durval.

My first take as the file created by the other user only has 'writer' role assigned to it, which means the API can't delete it.

{
  "kind": "drive#permissionList",
  "permissions": [
    {
      "id": "13774189009349601086",
      "type": "user",
      "kind": "drive#permission",
      "role": "writer"
    },
    {
      "id": "18293713648930937059",
      "type": "user",
      "kind": "drive#permission",
      "role": "owner"
    }
  ]
}

I wonder if the API can delete or I'm just misreading something along the way which is possible as well.

Very easy to recreate as well as I just did it via two browers and two users as your steps were very helpful in ensuring I replicated the same thing.

I have a vague memory that we've noticed this before and decided that the drive API was deficient here, though more likely there is some obscure thing we have to do!

Where did the role "writer" come from? Is that the default or did the app set it on upload?

It seems to be set when you upload a file as in my testing, I did it via the web app via an incognito window as another user.

With that role, it doesn't seem you can can delete it as shown by the permissions error. Unsure how'd you'd work around it as it seems intentional in the matrix.

Looking at the docs the "writer" role seems sensible and explains why rclone can't delete it.

What it doesn't explain is why the web app can delete it though - that I don't understand?

Google frequently does things that don't make sense so I'm not sure why the UI allows it to be deleted but the API doesn't seem to have the same permissions.

In the UI, I have "Editor" access which I'm guessing allows for deleting.

image

I think we'll have to write this down as deficiencies in the API :frowning:

IMHO, this looks a little too 'basic' to be a deficiency in the API, as it makes the API (and everything depending on it, like rclone) unworkable for anyone sharing a directory with other users (which is the whole purpose of Drive).

Is there a way to be really sure that it's a deficiency in the API? I will then escalate it to Google (even if they don't respond, you will then be able to point to the issue and tell people to go there and click +1 instead of complaining about rclone :slight_smile:)

Cheers,
-- Durval.

I shared all the steps I did to reproduce the issue, capture the API info and post any relevant logs.

Feel free to poke around as it's easy to test / validate from what I've shared.

That allows you to try the API stuff independent of rclone and see what is happening. I used that to pull the permissions on the file created.

Most folks share and consume things via the official drive app so while rclone uses the API, the native apps done so the problem might be very edge case. If you look at the API issues overall, they are many that are basic as the Google Photos API one, I would barely call that functional.

This is all I get when I try to delete so unless there is some other API way to delete a file, I'm not sure either:

That's a good idea reproducing it with the API site.

I don't think the drive web app uses the public drive API (at least I've long suspected that). (The google photos web app definitely doesn't.) So discrepancies between the drive web app and the API are possible.