advisory file locks in linux - do they work?

Bob Proulx bob at
Tue May 3 12:53:22 EST 2011

Jeff Gibson wrote:
> Bob Proulx wrote:
> > You seem to think that all programs do file locking? Or perhaps you
> > are aware that they do not but you think they /should/ use file
> > locking and this is your way of lobbying to add it?
> Whoa - Please don't start attacking.  I had just read on some
> websites that SFTP supported it (perhaps this was not OpenSSH), and
> I *thought* I had it working on Solaris at one point.  Guess not.

Sorry we got off on the wrong foot.

> Anyway it's good to know this so I don't spend any more time trying
> to get it to work! :)

> Perhaps I wasn't very clear - we have clients connecting to us via
> SFTP -

Pushing files to you?  Or pulling files from you.  Obviously if you
want implement locking then it needs to be on the write side.

> We cannot reasonably expect them to know enough about UNIX/SFTP to
> do the above, and many of the 3rd party programs they use are closed
> source with limited feature sets.


> Instead I was hoping that it was possible for the internal-sftp
> process to automatically lock incoming files.  As I have now
> learned, OpenSSH/SFTP does not support this natively.  However, we
> have had an internal developer add the functionality and so far it
> seems to work.

Personally I have always been an advocate of writing the file off to
the side in a temporary file and then renaming it into place.  That
doesn't need a lockfile.  If you are hacking on the code to add
cooperative file semaphores then you might consider writing to a
temporary file and renaming it instead.  Since rename(2) is atomic the
file will either be the previous file or the next file.  (Although
recently with the Linux filesystems this semantic has been changed.)

> OK - so is there a way to do this with the internal-sftp command
> while using a chroot directory?  I guess I'm not grokking how to do
> this on the server-side without adding code or copying binaries to
> the user's directory.

As far as I know the only way to do this would be to make code

I don't know if this applies to you but a common file upload strategy
is to have people drop files into a directory with unique names and
then have a process notice these files as they appear and then to move
them to wherever they need to go.


More information about the openssh-unix-dev mailing list