[Bug 1844] Explicit file permissions enhancement to sftp-server
bugzilla-daemon at bugzilla.mindrot.org
Sun Oct 9 02:08:29 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1844
Donjan <bryonak at freenet.de> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bryonak at freenet.de
--- Comment #1 from Donjan <bryonak at freenet.de> 2011-10-09 02:08:29 EST ---
I strongly support this patch or alternatively the sftpfilecontrol one
(http://sftpfilecontrol.sourceforge.net/).
Usage scenario:
Client opens sftp connection to server, browses to a setgid 'workgroup'
directory (he's in the corresponding group) and creates a new file. In
order for other users in this group to be able to edit the file, it
should have ...rw-... permissions.
By using the -u flag in sshd_config:
Subsystem sftp /usr/lib/openssh/sftp-server -u002
The client's umask gets shadowed, but not overridden. That is, if the
client has 022 for his umask (as most do), the -u flag can't achieve
g+w on new files (it does however, for example, correctly flatten the
group permissions with -u070).
This should be independent of wildly varying client setups, so asking
every user to change his local umask is not a practicable way.
The patch in this report would allow setting a -m flag in sshd_config,
the sftpfilecontrol patch mentioned above would allow a SftpUmask
option also in sshd_config. Any of which would be highly useful for the
described setup.
Thanks and best wishes
Donjan Rodic
PS: Rob, does your patch handle directories as well?
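Added example (not part of the original message and not code from either patch): a local reproduction of the behaviour described in the comment, where a umask can only clear permission bits from the mode the client requests and can never add g+w. The helper name create_with and the force_mode parameter are hypothetical; force_mode only illustrates an explicit server-side mode and is an assumption about what such an option would do, not the semantics of the -m flag or of SftpUmask.

```python
import os
import stat
import tempfile


def create_with(server_umask, client_mode, force_mode=None):
    """Create a file as a server process would: open(2) with the mode the
    client requested, under the server's umask. Returns the resulting
    permission bits of the new file."""
    old = os.umask(server_umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, "newfile")
            # The kernel applies client_mode & ~umask at creation time.
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, client_mode)
            try:
                if force_mode is not None:
                    # Hypothetical explicit-mode step (assumption): fchmod is
                    # not subject to the umask, so it can add bits.
                    os.fchmod(fd, force_mode)
                return stat.S_IMODE(os.fstat(fd).st_mode)
            finally:
                os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask


# A client with umask 022 asks for 0666 & ~022 = 0644 on a new file.
CLIENT_MODE = 0o666 & ~0o022

if __name__ == "__main__":
    cases = [
        ("-u002", 0o002, None),              # cannot restore g+w
        ("-u070", 0o070, None),              # does flatten group bits
        ("-u002 + forced 0664", 0o002, 0o664),
    ]
    for label, mask, forced in cases:
        mode = create_with(mask, CLIENT_MODE, forced)
        group_writable = bool(mode & stat.S_IWGRP)
        print(f"{label:22} -> {mode:04o}  g+w={group_writable}")
```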