[Bug 1715] New: Integrate patch to provide ability to force 'umask' in sftp-server

bugzilla-daemon at bugzilla.mindrot.org
Wed Feb 24 04:45:10 EST 2010


           Summary: Integrate patch to provide ability to force 'umask' in
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp-server
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: dennis.jenkins.75 at gmail.com


     I need to control the umask of files uploaded to an SFTP server
running on Gentoo Linux.  Fortunately, Michael Martinez created just
such a patch a long time ago [1].  He has been maintaining it on his
own (my efforts to contact him have failed though).

     Unfortunately, I have a strong need for the install of all
packages on our servers to be managed through the built-in package
management system.  A manually installed version of openssh would get
clobbered on each system update.

     If at all possible I would like the openssh development group to
review his patch and consider it for inclusion into the openssh

     Before approaching the openssh group I had posted a feature
request on the Gentoo Bugzilla [2].  The Gentoo team suggested that I
bring the request to your attention first (makes sense to me).

     I would greatly appreciate any efforts in reviewing, approving and
integrating this patch.  I am certainly willing to help test it.  If
the openssh team integrates this patch, or similar functionality, then
I will work with the Gentoo team to get them to update their openssh

     A little more information about my actual use case:

     I use the "chroot" and "internal-sftp" features.  I have the
following in my "/etc/ssh/sshd_config" file:

Match group scponly
        ChrootDirectory /ftp-jail/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l VERBOSE

     With this patch I am hoping that I can add "-sftpumask 0000" to
the "ForceCommand" option.  The Gentoo (and Debian as I understand it)
daemon monitoring program "start-stop-daemon" is used to manage the
master "sshd" process.  This daemon sets the umask to "0022".   sshd
and the internal sftp server do not appear to ever override that
setting.  I did some "strace" tests on the sshd process as I uploaded a
file.  I observed that while the file was opened with file access mode
"0666" the resulting file on disk (actually an NFS share) was mode
0644.  My ultimate goal is to force the file to be 0666 (non-root
processes need to be able to rename / move these uploaded files before
processing them and possibly delete them afterwards).

     Thank you for your time.

[1a] http://sftpfilecontrol.sourceforge.net


[2] http://bugs.gentoo.org/show_bug.cgi?id=305455
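
The mode arithmetic observed in the strace test above, as an added example that is not part of the original report or of the patch: it creates a file with the requested mode 0666 under several umasks and reads back the permission bits that land on disk. The scratch path under /tmp and the 0002 mask are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file the way a server opens an upload (open(2) with
 * O_CREAT and a requested mode) while `mask` is the process umask.
 * Returns the permission bits found on the new file, or -1 on error. */
static int mode_after_create(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path; O_EXCL refuses an existing file or symlink. */
    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());

    mode_t saved = umask(mask);   /* umask() returns the previous mask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(saved);                 /* restore before any early return */
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 0022 is the inherited mask from the report, 0000 the requested one,
     * 0002 an added comparison value (assumption, not from the report). */
    const mode_t masks[] = { 0022, 0002, 0000 };

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %04o + open(..., 0666) -> %04o\n",
               (unsigned)masks[i],
               (unsigned)mode_after_create(masks[i], 0666));
    return 0;
}
```

A umask of 0000 leaves each created file writable by every local account, while 0002 keeps write access to the owner and group only.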
