setting umask for internal-sftp users
Samuel Vogel
samydelux at gmail.com
Fri Jan 9 21:42:47 EST 2009
Will Johnston wrote:
> I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to set up
> chroot jails for certain SFTP-only users. I use the following lines
> in my sshd_config file:
>
> Match Group sftponly
> ChrootDirectory /home/chroot-%u
> ForceCommand internal-sftp
>
> It works great.
>
> The problem is that some of my users need umask 002 for their
> uploads. I tried a few ways to achieve this:
>
> * set umask in sshrc, .profile, etc... fails because no shell is used
> with internal-sftp
>
> * set the umask to 002 before launching sshd so the sftp server
> process will inherit it...
> fails because sshd resets umask to a minimum of 022 on startup
> (seems like a good idea)
>
> My solution was to add an option for internal-sftp that sets the
> umask. So, I can put this in my configuration:
>
> Match Group sftponly
> ChrootDirectory /home/chroot-%u
> ForceCommand internal-sftp -u 002
>
> I've attached my patch. It's working with no problems for me.
>
> Please consider including this change or something similar in the next
> release.
Hey,
There also is the sftp file control patch, located here:
http://sftpfilecontrol.sourceforge.net/
It also adds a configure parameter to the conf file, which lets you set
the umask. In addition to that, you can forbid the use of chmod and
chown for sftp connections.
I really would like to see this integrated into OpenSSH!
Regards,
Samy
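
Added example, not part of the original messages and not taken from the attached patch or from OpenSSH: a small C program showing why the inherited umask ends up as 022 when 022 is OR-ed in at startup, as the quoted message describes, and what a 002 versus 022 umask does to the mode of a newly created file. The function names, the scratch path under /tmp and the requested modes are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Strictly parse an octal umask argument such as "002"; -1 on bad input. */
long parse_umask(const char *s)
{
    char *end;
    long v;
    if (s == NULL || s[0] < '0' || s[0] > '7')
        return -1;
    v = strtol(s, &end, 8);
    return (*end != '\0' || v > 0777) ? -1 : v;
}

/* Startup behaviour as described in the thread: 022 is OR-ed into the
 * inherited mask, so a looser inherited 002 ends up as 022. */
mode_t startup_floor(mode_t inherited)
{
    return inherited | 022;
}

/* Create a scratch file with the mode a client requested, under the given
 * umask, and return the permission bits it ends up with (-1 on error). */
int mode_after_create(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    mode_t old;
    int fd, result = -1;
    snprintf(path, sizeof(path), "/tmp/umask-demo-%ld", (long)getpid());
    old = umask(mask);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("002: %o  022: %o\n", mode_after_create(002, 0666), mode_after_create(022, 0666));
    return 0;
}
```

A umask only clears bits: a client that asks for 0600 still gets 0600 under umask 002, so the setting does not by itself guarantee group-writable uploads.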