While using internal sftp server, need to access files outside chroot

Carson Gaspar carson at taltos.org
Fri Jun 8 08:56:01 EST 2012


On 6/7/12 3:15 PM, Ben Lindstrom wrote:
>
> The major edge case you need to worry about is the perl daemon
> moving/copying before sftp is done.  A move to the same partition
> isn't a problem as sftp still has the file descriptor, but a copy or
> a move to another partition will result in corrupted data.
>
> The easiest solution if clients are disconnected more often than
> connected is to skip all active inboxes with sftp sessions associated
> with them.

IFF you can control client behaviour, one standard work-around is to use 
an atomic transaction to indicate the file is ready for processing. The 
2 most common are rename and chmod. So either:

- upload file as foo.inprogress
- rename after complete to foo.alldone
- process all *.alldone files

or

- upload file as foo, umasking so it's not executable by default
- chmod u+x foo
- process all executable files
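
The processing side of both conventions above, as an added example that is not part of the original message or of OpenSSH. The function names and directory layout are assumptions; the work directory is assumed to be on the same filesystem as the inbox so that the move is a plain rename.

```shell
#!/bin/sh
# Added illustration: how a processing daemon can pick up only finished uploads.
# claim_ready and list_ready_by_mode are hypothetical names.

# claim_ready INBOX WORKDIR
# Rename convention: the client uploads foo.inprogress and renames it to
# foo.alldone when the transfer is complete. Every *.alldone file is moved
# into WORKDIR (suffix stripped) and its new path is printed.
# WORKDIR must be on the same filesystem as INBOX so mv is an atomic rename;
# a cross-partition move is a copy and reintroduces the corruption risk.
claim_ready() {
    inbox=$1 work=$2
    for f in "$inbox"/*.alldone; do
        # An unmatched glob stays literal and fails -f. Symlinks are skipped
        # so an uploader cannot point the processor at a file outside the inbox.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        base=${f##*/}
        dest="$work/${base%.alldone}"
        mv -- "$f" "$dest" && printf '%s\n' "$dest"
    done
}

# list_ready_by_mode INBOX
# chmod convention: the client uploads foo without the execute bit and runs
# "chmod u+x foo" when done. Prints regular files (find does not follow
# symlinks by default) whose owner-execute bit (0100) is set.
list_ready_by_mode() {
    find "$1" -maxdepth 1 -type f -perm -100
}

# Usage from a cron job or daemon loop (paths are placeholders):
#   claim_ready /srv/sftp/USER/inbox /srv/sftp/USER/work | while read -r p; do
#       process "$p"
#   done
```

Files still named `*.inprogress`, or still lacking the execute bit, are never touched, so an upload that is interrupted simply stays in the inbox until the client finishes it.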


More information about the openssh-unix-dev mailing list