Disallow some sftp commands

[René Ribaud]

Hello,

Couple of days ago, I received a request from a customer.
He wants to provide sftp users access to a directory tree containing files.
The users must have full rights, but he also wants to avoid moving or
deleting directories. This is mostly to prevent mistakenly drag and
drop from user's graphical client (Filezilla).
Said differently, he wants to protect the directories organization.

First, I tried to find how to do that from system point of view. But it
looks not easilly possible according to what customer wants to do.

So as a proof of concept, I decided to do it from the application side,
modifying the sftp server by answering ok and not doing the rmdir and
rename commands (ugly patch below).
It works as expected and seems to satisfy the customer.

Do you think, it is something that could be implemented upstream ?
Of course, I think about a proper patch that as an example will allow
to disable specific sftp commands on some users.
If yes, I could probably write one but I will need some guidance to do
it and design it properly.

Regards.
René.

Patch below :
Note : This patch was written to be used on Centos6.9 which is using an
old openssh version.

diff openssh-5.3p1/sftp-server.c openssh-5.3p1.patched/sftp-server.c
949a950

993,994c1001,1004
< 	ret = rmdir(name);
< 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
---
> 	/*ret = rmdir(name);
> 	  status = (ret == -1) ? errno_to_portable(errno) :
SSH2_FX_OK;
>         */
> 	status = SSH2_FX_OK;
1040a1051,1053
> 	else if (S_ISDIR(sb.st_mode)) {
> 		status = SSH2_FX_OK;
> 	}