Disable rm on sftp

Ahmad Zayed az1fantastic at gmail.com
Tue Oct 23 23:48:26 EST 2012


Hi,
Thanks a lot for this great software :)

I'm trying to do something to secure my server. I need to disable removing
files or directories using SFTP. In other words, the user can only write
and move files, but not delete them. This will be used to store logs, so I
need to make sure that once the logs are written to my server the user
cannot remove them.

I tried doing this by changing the code of process_remove from:


static void
process_remove(void)
{
	char *name;
	u_int32_t id;
	int status = SSH2_FX_FAILURE;
	int ret;

	id = get_int();
	name = get_string(NULL);
	debug3("request %u: remove", id);
	logit("remove name \"%s\"", name);
	if (readonly)
		status = SSH2_FX_PERMISSION_DENIED;
	else {
		ret = unlink(name);
		status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
	}
	send_status(id, status);
	xfree(name);
}

To:

static void
process_remove(void)
{
	char *name;
	u_int32_t id;
	int status = SSH2_FX_FAILURE;
	int ret;

	id = get_int();
	name = get_string(NULL);
	debug3("request %u: remove", id);
	logit("remove name \"%s\"", name);

	status = SSH2_FX_PERMISSION_DENIED;

	send_status(id, status);
	xfree(name);
}


Am I doing it right? Because it's not working and I don't know why. Thanks
a lot.

-- 
Best Regards,
Ahmad Zayed
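
The post changes only process_remove, while the stated goal also covers directories. As an added example (not part of the original post and not OpenSSH code), the whole policy can be written as one check on the request type. sftp_request_allowed() is a hypothetical name, the numeric constants are those of the SFTP version 3 draft as defined in OpenSSH's sftp.h, and treating a truncating open as a removal of log content is an assumption that goes beyond what the post asks.

```c
#include <stdint.h>
#include <stdio.h>

/* SFTP v3 request types (values as in OpenSSH sftp.h). */
#define SSH2_FXP_OPEN    3
#define SSH2_FXP_WRITE   6
#define SSH2_FXP_REMOVE  13
#define SSH2_FXP_RMDIR   15
#define SSH2_FXP_RENAME  18

/* SSH2_FXP_OPEN pflags. */
#define SSH2_FXF_WRITE   0x00000002
#define SSH2_FXF_CREAT   0x00000008
#define SSH2_FXF_TRUNC   0x00000010

/* Status codes. */
#define SSH2_FX_OK                 0
#define SSH2_FX_PERMISSION_DENIED  3

/*
 * Hypothetical policy check for a write-and-move-only log drop.
 * Returns the status to send instead of running the handler, or
 * SSH2_FX_OK when the handler may run. pflags is only read for OPEN.
 */
static int
sftp_request_allowed(uint8_t type, uint32_t pflags)
{
    switch (type) {
    case SSH2_FXP_REMOVE:   /* file removal, the case in the post */
    case SSH2_FXP_RMDIR:    /* directory removal, a separate request */
        return SSH2_FX_PERMISSION_DENIED;
    case SSH2_FXP_OPEN:     /* assumption: truncation empties a log */
        if (pflags & SSH2_FXF_TRUNC)
            return SSH2_FX_PERMISSION_DENIED;
        return SSH2_FX_OK;
    default:                /* write, rename (move) and the rest pass */
        return SSH2_FX_OK;
    }
}

int
main(void)
{
    /* Constructed sample requests, not captured traffic. */
    printf("remove=%d rmdir=%d rename=%d open+trunc=%d\n",
        sftp_request_allowed(SSH2_FXP_REMOVE, 0),
        sftp_request_allowed(SSH2_FXP_RMDIR, 0),
        sftp_request_allowed(SSH2_FXP_RENAME, 0),
        sftp_request_allowed(SSH2_FXP_OPEN, SSH2_FXF_WRITE | SSH2_FXF_TRUNC));
    return 0;
}
```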


More information about the openssh-unix-dev mailing list