bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-23 17:45 UTC
[Bug 1715] New: Integrate patch to provide ability to force 'umask' in sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1715

           Summary: Integrate patch to provide ability to force 'umask' in sftp-server
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sftp-server
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: dennis.jenkins.75 at gmail.com

Hello,

I need to control the umask of files uploaded to an SFTP server running on Gentoo Linux. Fortunately, Michael Martinez created just such a patch a long time ago [1]. He has been maintaining it on his own (my efforts to contact him have failed though).

Unfortunately, I have a strong need for the install of all packages on our servers to be managed through the built-in package management system. A manually installed version of openssh would get clobbered on each system update.

If at all possible I would like the openssh development group to review his patch and consider it for inclusion into the openssh mainline.

Before approaching the openssh group I had posted a feature request on the Gentoo Bugzilla [2]. The Gentoo team suggested that I bring the request to your attention first (makes sense to me).

I would greatly appreciate any efforts in reviewing, approving and integrating this patch. I am certainly willing to help test it. If the openssh team integrates this patch, or similar functionality, then I will work with the Gentoo team to get them to update their openssh package.

A little more information about my actual use case:

I use the "chroot" and "internal-sftp" features. I have the following in my "/etc/ssh/sshd_config" file:

    Match group scponly
        ChrootDirectory /ftp-jail/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l VERBOSE

With this patch I am hoping that I can add "-sftpumask 0000" to the "ForceCommand" option.

The Gentoo (and Debian as I understand it) daemon monitoring program "start-stop-daemon" is used to manage the master "sshd" process. This daemon sets the umask to "0022". sshd and the internal sftp server do not appear to ever override that setting.

I did some "strace" tests on the sshd process as I uploaded a file. I observed that while the file was opened with file access mode "0666" the resulting file on disk (actually an NFS share) was mode 0644. My ultimate goal is to force the file to be 0666 (non-root processes need to be able to rename / move these uploaded files before processing them and possibly delete them afterwards).

Thank you for your time.

[1a] http://sftpfilecontrol.sourceforge.net
[1b] http://sftpfilecontrol.sourceforge.net/download/v1.3/openssh-5.3p1.sftpfilecontrol-v1.3.patch
[2] http://bugs.gentoo.org/show_bug.cgi?id=305455

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
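
The behaviour reported in the message above (a file opened with mode 0666 under an inherited umask of 0022 ends up 0644), as an added example that is not part of the original report and is not OpenSSH code. The function name created_mode and the scratch path under /tmp are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a file asking for `requested` permissions while the process umask
 * is `mask`; return the permission bits actually stored, or -1 on error. */
static int created_mode(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    int fd, result = -1;

    /* Constructed scratch path. O_EXCL below refuses an existing file
     * or symlink, so the predictable name cannot be redirected. */
    snprintf(path, sizeof(path), "/tmp/umask-demo-%ld.bin", (long)getpid());

    mode_t saved = umask(mask);      /* umask() returns the previous mask */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(saved);                    /* restore the caller's mask */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);   /* requested & ~mask */
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* 0022: the mask the report says sshd inherits from start-stop-daemon */
    printf("umask 0022, open(0666) -> %04o\n", created_mode(0022, 0666));
    /* 0000: the mask the reporter wants to force for SFTP uploads */
    printf("umask 0000, open(0666) -> %04o\n", created_mode(0000, 0666));
    /* 0077: a restrictive mask, for comparison */
    printf("umask 0077, open(0666) -> %04o\n", created_mode(0077, 0666));
    return 0;
}
```

The mask is a per-process attribute inherited across fork and exec, which is why the value set by the service launcher reaches every file the SFTP subsystem creates unless something in between changes it.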
bugzilla-daemon at bugzilla.mindrot.org
2010-Feb-23 18:34 UTC
[Bug 1715] Integrate patch to provide ability to force 'umask' in sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1715

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #1 from Damien Miller <djm at mindrot.org> 2010-02-24 05:34:54 EST ---

*** This bug has been marked as a duplicate of bug 1229 ***
bugzilla-daemon at bugzilla.mindrot.org
2010-Apr-16 05:51 UTC
[Bug 1715] Integrate patch to provide ability to force 'umask' in sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1715

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> 2010-04-16 15:51:22 EST ---

Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1