Disallow some sftp commands

Damien Miller djm at mindrot.org
Thu Sep 7 09:13:42 AEST 2017


On Wed, 6 Sep 2017, René Ribaud wrote:

> Hello,
> 
> Couple of days ago, I received a request from a customer.
> He wants to provide sftp users access to a directory tree containing files.
> The users must have full rights, but he also wants to avoid moving or
> deleting directories. This is mostly to prevent mistakenly drag and
> drop from user's graphical client (Filezilla).
> Said differently, he wants to protect the directories organization.
> 
> First, I tried to find how to do that from system point of view. But it
> looks not easilly possible according to what customer wants to do.
> 
> So as a proof of concept, I decided to do it from the application side,
> modifying the sftp server by answering ok and not doing the rmdir and
> rename commands (ugly patch below).
> It works as expected and seems to satisfy the customer.
> 
> Do you think, it is something that could be implemented upstream ?

I added this ability 4 years ago. See the -p/-P and -Q flags for
sftp-server.

These are the requests that can be while/blacklisted:

[djm at natsu]$ /usr/libexec/sftp-server -Q requests 
open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink
posix-rename
statvfs
fstatvfs
hardlink
fsync

-d


More information about the openssh-unix-dev mailing list