[Bug 1844] New: Explicit file permissions enhancement to sftp-server
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 10 10:59:28 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1844
Summary: Explicit file permissions enhancement to sftp-server
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: candland at xmission.com
Created attachment 1973
--> https://bugzilla.mindrot.org/attachment.cgi?id=1973
Force file permissions for sftp-server
Hello,
I have found that I require more control over file permissions for
incoming files via sftp-server/internal-sftp than the -u <umask>
parameter can provide.
Please see the attached patch. It adds yet another option to
sftp-server (-m) that will force file permissions and will ignore
permissions specified by the client. The numeric permissions following
the -m parameter are bounds checked by the same method now used for the
-u parameter and can only range from 0 - 0777.
Implementation in sshd_config would obviously be something like:
-----------------------------------------------
Match Group sftponly
    ChrootDirectory /home/chroot-%u
    ForceCommand internal-sftp -m 660
-----------------------------------------------
or
----------------------------------------------------
Subsystem sftp /path/to/sftp-server -m 600
----------------------------------------------------
I have tested extensively on several Linux distributions and have been
using the changes in our production sftp-server environment.
Note that the attached patch updates sftp-server.8 version 1.19 and
sftp-server.c version 1.93.
Please consider including this change or something similar in the next
release.
Thanks!
-Rob Candland
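
The following C program is an added illustration, not the attached patch and not OpenSSH code. It shows why a umask (-u) alone cannot produce a fixed mode such as 660: the umask only clears bits from whatever mode the client requests, while a forced mode replaces the client's value. The function names, the scratch file name and the use of fchmod() to apply the forced bits are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only octal 0 - 0777, the range the report gives for -u and -m.
 * Returns the value, or -1 for anything else. */
long parse_octal_perm(const char *arg)
{
    char *end;
    long v = strtol(arg, &end, 8);
    if (end == arg || *end != '\0' || v < 0 || v > 0777)
        return -1;
    return v;
}

/* Create path as an SFTP open would: client_mode comes from the client and
 * the process umask (-u) can only clear bits from it. With forced >= 0
 * (assumed -m behaviour) the client's value is discarded and the bits are
 * set explicitly. Returns the resulting permission bits, or -1 on error. */
int create_and_report(const char *path, mode_t client_mode, mode_t mask,
    long forced)
{
    struct stat st;
    mode_t old = umask(mask);
    int result = -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL,
        forced >= 0 ? (mode_t)forced : client_mode);
    /* open() is still filtered by the umask, so fchmod() the forced bits. */
    if (fd != -1 && (forced < 0 || fchmod(fd, (mode_t)forced) == 0) &&
        fstat(fd, &st) == 0)
        result = st.st_mode & 0777;
    if (fd != -1) {
        close(fd);
        unlink(path);
    }
    umask(old);
    return result;
}

int main(void)
{
    long m = parse_octal_perm("660");   /* value from the report's example */
    printf("-u 007 only: %04o\n", (unsigned)create_and_report("perm-demo.tmp", 0600, 007, -1));
    printf("-m 660:      %04o\n", (unsigned)create_and_report("perm-demo.tmp", 0600, 007, m));
    return 0;
}
```

With a client that requests 0600, no umask value yields 0660, and with a client that requests 0777 a umask of 007 leaves the execute bits set; the forced mode gives 0660 in both cases.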