openssh (6.2p2), inherit host environment variables to subsystem sftp-server process
Martin Jacobs
martin.jacobs at arcor.de
Sun Sep 15 21:41:08 EST 2013
On Sat, 14 Sep 2013, Damien Miller wrote:
> On Fri, 13 Sep 2013, Martin Jacobs wrote:
>
> > Hi,
> >
> > is there a regular way that a subsystem process (sftpserver
> > here) inherits environment variables from its parent (sshd)?
> > Namely LANG and LC_* variables.
> >
> > In my case it's important to get the variable of hosting
> > environment and not from client side (AcceptEnv).
>
> Subsystems like sftp are executed via the user's shell, so you can
> place environment variables in a non-interactive shell initialisation
> file and they will be passed through.

Thanks for this hint. Yes, it works. I added
  sshd_config:PermitUserEnvironment=yes
added file
  /etc/global/bashrc:export LANG=de_DE@euro
added something like
  ~/.ssh/environment:BASH_ENV=/etc/global/bashrc
for each (!) user. With this subservice process gesftpserver
gets environment variable LANG as intended.

Disadvantage of this approach:
* needs PermitUserEnvironment=yes
* needs per user configuration (~/.ssh/environment)
* possible influence on ssh login session (LANG is
  set/overridden)

>
> Otherwise, you could add them to the ones that are copied from sshd to
> its child session processes in session.c:do_setup_env(). It might be
> worth reviewing these...
Environment variable LANG is not part of those variables
provided there and it is not configurable, therefore would
need a code change.
Changing do_setup_env() would be a permanent change and
affecting interactive sessions as well.
My suggestion:
New configuration option for sshd_config:
InheritEnv <list of variable names>
and extend Match criteria with key Subsystem <name>. And take
InheritEnv into list of options supported in Match section.
Current environment variables inherited in do_setup_env()
could be taken as default values of InheritEnv.
Why this: playing with green sftpserver plugin for openssh
(gesftpserver) and sftp protocol versions 4 and higher, it's
necessary that gesftpserver process gets knowledge about
filename encoding of hosting system (variable LANG). This is
completely independent of user settings and independent from
interactive session configuration.
>
> -d
>
Martin
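
An added example, not part of the original message and not OpenSSH code: a small audit for the workaround described above, reporting users whose ~/.ssh/environment sets startup-affecting variables such as BASH_ENV while PermitUserEnvironment is enabled. The RISKY set, the function names and the sample inputs are assumptions made for this example.

```python
import re

# Names that alter shell or loader startup; this set is the example's assumption.
RISKY = {"BASH_ENV", "ENV", "LD_PRELOAD", "LD_LIBRARY_PATH", "PATH"}

def _split(line):
    """sshd_config line -> (keyword, argument); None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)$", line)
    return (m.group(1).lower(), m.group(2).strip()) if m else (line.lower(), "")

def permit_user_environment(config_text):
    """Global PermitUserEnvironment value: first occurrence wins, default 'no'."""
    for raw in config_text.splitlines():
        kv = _split(raw)
        if kv is None:
            continue
        if kv[0] == "match":  # this example reads only the global section
            break
        if kv[0] == "permituserenvironment":
            return kv[1]
    return "no"

def risky_entries(env_text):
    """(name, value) pairs from a ~/.ssh/environment file whose name is in RISKY."""
    hits = []
    for raw in env_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            if name.strip() in RISKY:
                hits.append((name.strip(), value))
    return hits

def audit(config_text, env_files):
    """env_files maps user -> contents of that user's ~/.ssh/environment."""
    if permit_user_environment(config_text) == "no":
        return {}  # sshd does not read the files, nothing to report
    return {u: r for u, t in env_files.items() if (r := risky_entries(t))}

# Constructed sample input mirroring the setup described in the message.
SAMPLE_CONFIG = "Subsystem sftp /path/to/gesftpserver\nPermitUserEnvironment=yes\n"
SAMPLE_ENV = {"alice": "BASH_ENV=/etc/global/bashrc\n", "bob": "# none\nEDITOR=vi\n"}

if __name__ == "__main__":
    for user, found in audit(SAMPLE_CONFIG, SAMPLE_ENV).items():
        print(user, found)
```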