SFTP subsystem and explicit file permissions

Rob C candland at xmission.com
Fri Nov 5 06:31:59 EST 2010


Hello again,

Now that umask is working (thanks very much!) I have found that I would
like to see more control over sftp-server/internal-sftp file
permissions.

The fact that previous patches (sftp file control comes to mind) were
produced indicates that there are other users who would also like more
control over file permissions.

My solution was to add yet another option to sftp-server/internal-sftp
that forces file permissions, so something like the following in
sshd_config:
    Match Group sftponly
        ChrootDirectory /home/chroot-%u
        ForceCommand internal-sftp -m 660

Or even globally:
    Subsystem       sftp    /usr/local/libexec/sftp-server -m 600

Please see the attached patch.  I have only been able to test the
changes on RHEL4 and Ubuntu 10.04.  I have been running a patched
version of 5.6p1 in production on RHEL4 and haven't had any problems.

Note that the attached patch was produced against the 1.92 version of
sftp-server.c.

Best regards,

Rob Candland
-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssh-forcefileperm.patch
Type: text/x-diff
Size: 2632 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20101104/91998538/attachment.bin>
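
Added example, not part of the original message and not the code from the attached patch: a small C program showing why a umask alone cannot guarantee a mode such as 660 (it only clears bits from whatever mode the client requests), and what applying a fixed mode after creation does instead. The function name, the /tmp path and the assumption that -m applies its mode exactly, here via fchmod(2), are illustrative; the patch itself is not shown on this page.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Illustration only (hypothetical helper): create a file with the
 * client-requested mode under the given umask, as an upload handler would.
 * If forced >= 0, apply it with fchmod(2) afterwards; this is the ASSUMED
 * behaviour of the proposed -m option. Returns the permission bits or -1.
 */
int
create_and_get_mode(mode_t requested, mode_t mask, int forced)
{
	char dir[] = "/tmp/forceperm-XXXXXX";
	char path[64];
	struct stat st;
	mode_t old;
	int fd, ret = -1;
	if (mkdtemp(dir) == NULL)
		return -1;
	snprintf(path, sizeof(path), "%s/upload", dir);

	old = umask(mask);
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
	umask(old);
	if (fd != -1) {
		/* fchmod ignores the umask, so a forced mode lands exactly */
		if ((forced < 0 || fchmod(fd, (mode_t)forced) == 0) &&
		    fstat(fd, &st) == 0)
			ret = (int)(st.st_mode & 07777);
		close(fd);
		unlink(path);
	}
	rmdir(dir);
	return ret;
}

int
main(void)
{
	/* Constructed cases: umask 027, client requests 0644 or 0600 */
	printf("umask only, 0644: %04o\n", (unsigned)create_and_get_mode(0644, 027, -1));
	printf("umask only, 0600: %04o\n", (unsigned)create_and_get_mode(0600, 027, -1));
	printf("forced 0660, 0600: %04o\n", (unsigned)create_and_get_mode(0600, 027, 0660));
	return 0;
}
```

With the umask alone the result still depends on the client's requested mode (0640 versus 0600 here); with the forced mode it is 0660 regardless of what the client asked for.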

