The file is not writable/Access to the file is not allowed

Questions
1

Describe the problem/error/question

Hello,

I have workflows that create a file on a shared folder (on another server). I have the error “The file “\\srv2\folder\file.csv” is not writable.”

For the rest of my test I switched to Read files from disk. I have the error “Access to the file is not allowed. Allowed paths: …”.

I first tought “its’s because its’ a shared folder”, but that not the case since I only have the issue with srv2 and srv3, but it works fine with srv1 and srv4.

There’s no misstyping.

I checked the folders rights, it’s all good. Everyone has access and can read/modify ; I even try to add right to my specific user.

My older versions of N8N (0.192.1 and 1.122.4) don’t have issue.

Do I miss something?

What is the error message ?

Access to the file is not allowed. Allowed paths: C:/N8N_folder, C:/N8N_folder2, C:/N8N_folder3, C:/N8N_folder4, C:/N8N_folder5, C:/N8N_folder6, C:/N8N_folder7, //srv1/folder/subfolder, //srv1/folder/subfolder, //srv2/folder/ //srv3/folder, //srv4/folder/subfolder

Env

module.exports = {
    apps : [{
        name   : "n8n",
        env: {	
			//files
			N8N_USER_FOLDER:"C:",
			
			// déploiment
			N8N_HOST:"Server_Name",
			N8N_PROTOCOL:"https",	//http
			N8N_PORT:5678, //5678
			N8N_SSL_KEY:"SSL_Key_Path",
			N8N_SSL_CERT:"SSL_Perm_Path",
			//N8N_PUSH_BACKEND: "sse", //websocket
			
			// endpoint
			N8N_ENDPOINT_HEALTH:"checkhealth", //"healthz" par défaut"
						
			// executions
			EXECUTIONS_DATA_SAVE_MANUAL_EXECUTIONS:true,	//false
			EXECUTIONS_DATA_PRUNE:true, //false
			EXECUTIONS_DATA_MAX_AGE:224,	//336
			
			// DB		
			DB_TYPE:"postgresdb",
			DB_POSTGRESDB_DATABASE:"n8n",
			DB_POSTGRESDB_HOST:"localhost",
			DB_POSTGRESDB_PORT:5432,	//5432
			DB_POSTGRESDB_USER:"Database_User",
			DB_POSTGRESDB_PASSWORD:"password",
			DB_POSTGRESDB_POOL_SIZE:10, //2 par defaut
			DB_POSTGRESDB_CONNECTION_TIMEOUT:360000, //20000 par defaut
			
			// logs
			N8N_LOG_LEVEL:"info", // info par defaut ; debug

			// nodes
			N8N_PYTHON_ENABLED : false, //true
			NODES_EXCLUDE: "[]", //par défaut à partir de V2 : "[\"n8n-nodes-base.executeCommand\", \"n8n-nodes-base.localFileTrigger\"]"

			N8N_RESTRICT_FILE_ACCESS_TO:"C:/N8N_folder, C:/N8N_folder2, C:/N8N_folder3, C:/N8N_folder4, C:/N8N_folder5, C:/N8N_folder6, C:/N8N_folder7, //srv1/folder/subfolder, //srv1/folder/subfolder, //srv2/folder/ //srv3/folder, //srv4/folder/subfolder",

			// timezone
			GENERIC_TIMEZONE : "Europe/Paris"
        }
    }]
}

Information on your n8n setup

  • n8n version: 2.10.4 self hosted

    • Database : PostgreSQL 18.2

    • n8n EXECUTIONS_PROCESS setting: default: own, main

    • Running n8n via: npm & pm2

    • Operating system: Windows Server 2019 Standard

2

Hey @gabg

Your N8N_RESTRICT_FILE_ACCESS_TO is very likely the problem here.
In current n8n, that variable should be a semicolon-separated list, and your srv2 / srv3 entries are not properly separated, so n8n may be parsing them incorrectly.
I’d first fix that value, restart n8n, and retest with the exact UNC paths only; from what you shared, this looks more like a path configuration issue than a folder-permissions issue.
Example: N8N_RESTRICT_FILE_ACCESS_TO=“C:/N8N_folder;C:/N8N_folder2;//srv1/folder/subfolder;//srv2/folder;//srv3/folder;//srv4/folder/subfolder”

(Security environment variables | n8n Docs))

3

Sorry it’s my error when I wrote the post.
The real environment use semicolon (and theres is one bewteen //srv2/folder/ and //srv3/folder).

1 Like
4

No problem @gabg :slight_smile:

This changes the picture.
At that point, my main suspicion would be the Windows user running pm / n8n not having the same effective access to srv2 and srv3 as your interactive user, even if the folders look fine in Explorer. I’d test those exact UNC paths from the same service account that runs n8n, and also compare the exact allowed path string versus the runtime path, including trailing slash and subfolder depth, since access is restricted to the configured directories.

5

You were right, my PM2 service was not using the good account. I fixed it, but still have the issue.

I confirm it’s the same path in the node and the env (//srv2/folder/).
I can copy the working node from N8N 1.122.4 to 2.10.4, it’ll have the error.

Here the debug log:
14:55:21.236 e[34mdebuge[39m e[34mWorkflow execution finished with errore[39m e[2m{ “error”: { “level”: “warning”, “tags”: { “reWrapped”: true }, “timestamp”: 1773755721216, “context”: { “itemIndex”: 0 }, “functionality”: “regular”, “name”: “NodeApiError”, “node”: { “parameters”: { “info”: “”, “operation”: “read”, “fileSelector”: “//srv2/folder/file.csv”, “options”: { } }, “type”: “n8n-nodes-base.readWriteFile”, “typeVersion”: 1.1, “position”: [448,-64], “id”: “273fed49-ac40-4e18-8ef3-d211e14da751”, “name”: “Read/Write Files from Disk” }, “messages”: [“Access to the file is not allowed. Allowed paths: C: /N8N_folder/, C: /N8N_folder2/, C: /N8N_folder3/, C: /N8N_folder4/, C: /N8N_folder5/, C: /N8N_folder6/, C: /N8N_folder7/, //srv1/folder/subfolder/, //srv1/folder1/subfolder1/, //srv2/folder/, //srv3/folder/, //srv4/folder/subfolder/”], “httpCode”: null, “message”: “Access to the file is not allowed. Allowed paths: C: /N8N_folder/, C: /N8N_folder2/, C: /N8N_folder3/, C: /N8N_folder4/, C: /N8N_folder5/, C: /N8N_folder6/, C: /N8N_folder7/, //srv1/folder/subfolder/, //srv1/folder1/subfolder1/, //srv2/folder/, //srv3/folder/, //srv4/folder/subfolder/”, “stack”: “NodeApiError: Access to the file is not allowed. Allowed paths: C: /N8N_folder/, C: /N8N_folder2/, C: /N8N_folder3/, C: /N8N_folder4/, C: /N8N_folder5/, C: /N8N_folder6/, C: /N8N_folder7/, //srv1/folder/subfolder/, //srv1/folder1/subfolder1/, //srv2/folder/, //srv3/folder/, //srv4/folder/subfolder/\n at ExecuteContext.execute (C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-nodes-base\nodes\Files\ReadWriteFile\actions\read.operation.ts: 158: 10)\n at ExecuteContext.execute (C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-nodes-base\nodes\Files\ReadWriteFile\ReadWriteFile.node.ts: 65: 17)\n at WorkflowExecute.executeNode (C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-core\src\execution-engine\workflow-execute.ts: 1043: 8)\n at WorkflowExecute.runNode (C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-core\src\execution-engine\workflow-execute.ts: 1222: 11)\n at C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-core\src\execution-engine\workflow-execute.ts: 1665: 27\n at C: \ProgramData\npm\npm\node_modules\n8n\node_modules\n8n-core\src\execution-engine\workflow-execute.ts: 2308: 11” }, “workflowId”: “9Oa7bFTmmG5wvlmy”, “file”: “logger-proxy.js”, “function”: “exports.debug” }

6

@gabg

At this point it looks more like a path-validation or UNC normalization issue on Windows in 2.10.4, especially since the same node works in 1.122.4 and fails after the upgrade with the same path.
As a workaround, I’d use a local folder that is explicitly allowlisted, or map the network share to a drive letter for the same Windows account running PM2/n8n and test that path instead.
If the mapped drive or local path works while the UNC path still fails, that would strongly point to a regression rather than a permissions issue.

let me know how it goes.

1 Like
7

I found it works well if I unrestrict n8n with N8N_RESTRICT_FILE_ACCESS_TO:“”. I think I’ll let it stay like that.

Thank you for your help!

1 Like
8

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.