[SFTP] Possibility for Adding "ForceFilePermission" option
Jakub Jelen
jjelen at redhat.com
Tue Dec 19 03:34:36 AEDT 2017
On Tue, 2017-12-19 at 02:03 +1030, David Newall wrote:
> On 18/12/17 22:33, Jakub Jelen wrote:
> > during last month, there were already two emails in this mailing list
> > discussing [forced permissions]:
> >
> > https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036468.html
>
> This seems like a reasonable and useful feature. It's simple to
> implement, and, (apparently) there's already a patch to do it.
>
> I can think of one reason why further thought is required. It could be
> argued that this needs to be determined per-user. That is, should there
> be some way to specify a group of users for whom permissions are not
> forced; or, in the alternative, a group of users for whom permissions
> must be forced.

ForceCommand can accept an argument with sftp-server/internal-sftp, and it
can already appear in Match blocks, so you can very simply adjust the
SFTP-only access for separate groups/users with this simple patch.

What is missing is a force mode for directories, but I would consider
this a minor issue, if it were ever needed in real-world use cases.

Regards,
Jakub
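
The per-group arrangement described in the reply above, as an added example that is not part of the original message or of the patch: a constructed sshd_config fragment plus a small resolver showing which `ForceCommand internal-sftp` arguments a given login ends up with. The group names, paths and helper functions are hypothetical, and the stock `-u` (umask) and `-R` (read-only) options stand in for the patch's forced-mode argument, which this message does not show.

```python
import shlex

# Constructed sshd_config fragment (not from the original message). "-u" is the
# stock sftp-server umask option, standing in for the patch's forced-mode
# argument, which this message does not show.
SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
Match Group sftp-partners
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp -u 0027
Match Group sftp-staff,sftp-partners
    ForceCommand internal-sftp -u 0022
Match User backup
    ForceCommand internal-sftp -R
"""

def parse_blocks(text):
    """Return [(criteria, {keyword: value})]; criteria is None for the global section."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        keyword, value = keyword.lower(), value.strip()
        if keyword == "match":
            kind, _, names = value.partition(" ")
            blocks.append(((kind.lower(), set(names.strip().split(","))), {}))
        else:
            # Within one block the first value seen for a keyword is kept.
            blocks[-1][1].setdefault(keyword, value)
    return blocks

def effective_force_command(text, user, groups):
    """ForceCommand argv for this login, or None if none applies.

    Simplification (assumption): only single-criterion "Match User" / "Match Group"
    lines with literal comma-separated names; no patterns or negation.
    """
    blocks = parse_blocks(text)
    for kind, names in (criteria for criteria, _ in blocks[1:]):
        pass  # validates that every Match line parsed into (kind, names)
    for (kind, names), settings in blocks[1:]:
        hit = (kind == "user" and user in names) or (kind == "group" and names & set(groups))
        # sshd applies only the first satisfied Match block that sets a keyword.
        if hit and "forcecommand" in settings:
            return shlex.split(settings["forcecommand"])
    glob = blocks[0][1].get("forcecommand")
    return shlex.split(glob) if glob else None
```

A user who belongs to both groups gets the arguments from the first satisfied Match block, so block order decides which setting is enforced.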