[Bug 1715] New: Integrate patch to provide ability to force 'umask' in sftp-server
bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 24 04:45:10 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1715
Summary: Integrate patch to provide ability to force 'umask' in sftp-server
Product: Portable OpenSSH
Version: 5.3p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dennis.jenkins.75 at gmail.com
Hello,
I need to control the umask of files uploaded to an SFTP server
running on Gentoo Linux. Fortunately, Michael Martinez created just
such a patch a long time ago [1]. He has been maintaining it on his
own (my efforts to contact him have failed though).
Unfortunately, I have a strong need for the install of all
packages on our servers to be managed through the built-in package
management system. A manually installed version of openssh would get
clobbered on each system update.
If at all possible I would like the openssh development group to
review his patch and consider it for inclusion into the openssh
mainline.
Before approaching the openssh group I had posted a feature
request on the Gentoo Bugzilla [2]. The Gentoo team suggested that I
bring the request to your attention first (makes sense to me).
I would greatly appreciate any efforts in reviewing, approving and
integrating this patch. I am certainly willing to help test it. If
the openssh team integrates this patch, or similar functionality, then
I will work with the Gentoo team to get them to update their openssh
package.
A little more information about my actual use case:
I use the "chroot" and "internal-sftp" features. I have the
following in my "/etc/ssh/sshd_config" file:

    Match group scponly
        ChrootDirectory /ftp-jail/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l VERBOSE

With this patch I am hoping that I can add "-sftpumask 0000" to
the "ForceCommand" option. The Gentoo (and Debian as I understand it)
daemon monitoring program "start-stop-daemon" is used to manage the
master "sshd" process. This daemon sets the umask to "0022". sshd
and the internal sftp server do not appear to ever override that
setting. I did some "strace" tests on the sshd process as I uploaded a
file. I observed that while the file was opened with file access mode
"0666" the resulting file on disk (actually an NFS share) was mode
0644. My ultimate goal is to force the file to be 0666 (non-root
processes need to be able to rename / move these uploaded files before
processing them and possibly delete them afterwards).
Thank you for your time.
[1a] http://sftpfilecontrol.sourceforge.net
[1b] http://sftpfilecontrol.sourceforge.net/download/v1.3/openssh-5.3p1.sftpfilecontrol-v1.3.patch
[2] http://bugs.gentoo.org/show_bug.cgi?id=305455
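
The behaviour described in the report (a file opened with mode 0666 ending up 0644 because the umask is inherited and never reset) can be reproduced with the added example below. It is not code from the report or from the sftpfilecontrol patch; the helper name and the /tmp path are hypothetical, the parent stands in for the service manager and the child for sshd/internal-sftp.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: set `mask` in this process (standing in for the
 * service manager), fork a child (standing in for sshd/internal-sftp) that
 * creates a file requesting `requested`, and return the permission bits
 * found on disk, or -1 on error. */
int mode_after_inherited_umask(mode_t mask, mode_t requested)
{
    char dir[64], path[80];
    struct stat st;
    int status, result = -1;

    /* Private scratch directory; mkdir fails if the name already exists. */
    snprintf(dir, sizeof(dir), "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(path, sizeof(path), "%s/upload", dir);

    mode_t saved = umask(mask);      /* parent sets the umask ...          */
    pid_t pid = fork();
    if (pid == 0) {                  /* ... child inherits it, never resets */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
        _exit(fd < 0 ? 1 : 0);
    }
    umask(saved);                    /* restore the caller's own umask */

    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0 &&
        stat(path, &st) == 0)
        result = (int)(st.st_mode & 07777);

    unlink(path);
    rmdir(dir);
    return result;
}

int main(void)
{
    /* Same request (0666) under the two umasks discussed in the report. */
    printf("umask 0022 -> %04o\n", (unsigned)mode_after_inherited_umask(0022, 0666));
    printf("umask 0000 -> %04o\n", (unsigned)mode_after_inherited_umask(0000, 0666));
    return 0;
}
```

With umask 0000 the resulting file is writable by every local account, so the permissions of the directory that contains it become the only access control on those uploads.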