[scponly] scponly and umask
Kaleb Pederson
kaleb.pederson at gmail.com
Tue Mar 31 12:43:44 EDT 2009
Thanks.
Does it work correctly in a normal shell (e.g. disallow the users from issuing chmod/chown)?
In looking at the patch, with SFTP_PERMIT_CH{MOD,OWN}=1, it should indeed allow the users to change owner and permissions, so I expect it will allow the users to issue chmod/chown commands.
--Kaleb
On Tuesday 31 March 2009 07:13:24 am Ken wrote:
> While sftp users are in session,
>
> SFTP_PID=(`ps aux | grep '[s]ftp-server' | awk '{print $2}'`)
> [ "$SFTP_PID" ] && for i in ${SFTP_PID[*]}; do sudo cat /proc/$i/environ |
> xargs -n1 -0 echo; done || echo -e "\n\$SFTP_PID not defined\n"
>
> reveals the SFTP_UMASK, SFTP_PERMIT_CHMOD, SFTP_PERMIT_CHOWN env vars are
> the same in a shell for a normal user and for a chrooted scponly user.
>
> SFTP_UMASK=""
> SFTP_PERMIT_CHMOD="1"
> SFTP_PERMIT_CHOWN="1"
>
> while sshd_config says:
> # sftp-server umask control
> SftpUmask 0002
> SftpPermitChmod no
> SftpPermitChown no
>
> Again, versions and options are:
> OpenSSH_5.1p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8e-fips-rhel5,
> scponly-4.8 w/ --enable-winscp-compat --enable-sftp-logging-compat
> --enable-rsync-compat --enable-chrooted-binary
>
> Ken Bingham
> SysAdmin, Booksurge
> (843) 760-8038 EST
>
>
>
> Kaleb Pederson wrote:
> > ...
> > I'm not sure what facilities the sftpfilecontrol patch is using to
> > set the umask and chmod controls. The sftp-logging patch used
> > environment variables, which scponly passes on to the sftp server, but
> > without knowing the specifics of the sftpfilecontrol patch, I can't offer
> > any further suggestions.
> > ...
>
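
Added example, not part of the original thread or of scponly/OpenSSH: a repeatable form of the check Ken describes, comparing the SFTP_* variables in a saved copy of /proc/PID/environ with the three sshd_config directives he quotes. The function names, the sample files and the yes/no to 1/0 mapping are assumptions; the thread only shows that "1" permits chmod/chown.

```bash
#!/usr/bin/env bash
# Added example: compare SFTP_* variables from an sftp-server environ dump
# with the sshd_config directives quoted in the thread.
# Assumption (not confirmed by the thread): the patch exports yes/no as 1/0.

# Print VAR's value from a NUL-separated environ file (empty if unset).
env_value() {   # env_value <environ-file> <VAR>
    tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Print a directive's first argument from sshd_config, skipping comments.
conf_value() {  # conf_value <sshd_config> <Directive>
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Translate a yes/no directive into the assumed 1/0 environment form.
flag() { case "$1" in yes) echo 1 ;; no) echo 0 ;; *) echo "" ;; esac; }

# Print one line per mismatch; return 0 only when all three settings agree.
check_sftp_env() {  # check_sftp_env <environ-file> <sshd_config>
    environ=$1; conf=$2; bad=0
    want=$(conf_value "$conf" SftpUmask)
    got=$(env_value "$environ" SFTP_UMASK)
    [ "$want" = "$got" ] || { echo "SFTP_UMASK: config=$want env=$got"; bad=1; }
    for pair in SftpPermitChmod:SFTP_PERMIT_CHMOD SftpPermitChown:SFTP_PERMIT_CHOWN; do
        want=$(flag "$(conf_value "$conf" "${pair%%:*}")")
        got=$(env_value "$environ" "${pair##*:}")
        [ "$want" = "$got" ] || { echo "${pair##*:}: config=$want env=$got"; bad=1; }
    done
    return "$bad"
}

# Constructed sample files mirroring the values reported in the thread.
make_sample() {  # make_sample <dir>
    printf 'USER=demo\0SFTP_UMASK=\0SFTP_PERMIT_CHMOD=1\0SFTP_PERMIT_CHOWN=1\0' \
        > "$1/environ"
    printf '%s\n' '# sftp-server umask control' 'SftpUmask 0002' \
        'SftpPermitChmod no' 'SftpPermitChown no' > "$1/sshd_config"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_sftp_env "$tmp/environ" "$tmp/sshd_config" ||
    echo "sftp-server environment does not match sshd_config"
rm -rf "$tmp"
```

On a live host the environ file would be a copy of /proc/PID/environ for a running sftp-server process, read with the same privileges as the command quoted in the message.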