bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-12 19:39 UTC
[Bug 1979] New: Enhancement patch: Restrict sftp-server to basic commands, by user or group
bugzilla.mindrot.org/show_bug.cgi?id=1979

Bug #: 1979
Summary: Enhancement patch: Restrict sftp-server to basic commands, by user or group
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: jdmossh at nand.net

Created attachment 2128
  --> bugzilla.mindrot.org/attachment.cgi?id=2128
Patch versus 5.9p1

This patch adds the ability to restrict an sftp-server user to just basic commands such as get, put, readdir, and readlink, and prohibit mkdir, rmdir, rename, symlink, setstat and their equivalents. It comes with an sshd_config option (RestrictSFtpSysToBasics) which can be global or in a Match block.

I've found it helpful, and that request occasionally comes up on the openssh-unix-dev list. Please give feedback and consider it for inclusion. Patches are attached against both 5.9p1 and OpenBSD's 5.9.

A more advanced enhancement might let the server admin specify which commands to permit/deny; I think this is a good start.

--
Configure bugmail: bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
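The kind of request-type gate the report above describes, as an added example that is not taken from the attached patch or from OpenSSH. The request codes are the SFTP v3 values from draft-ietf-secsh-filexfer-02; the function names, the default-deny policy and the handling of remove (which the report does not mention) are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SFTP v3 request type codes, from draft-ietf-secsh-filexfer-02. */
enum {
    FXP_INIT = 1, FXP_OPEN = 3, FXP_CLOSE = 4, FXP_READ = 5, FXP_WRITE = 6,
    FXP_LSTAT = 7, FXP_FSTAT = 8, FXP_SETSTAT = 9, FXP_FSETSTAT = 10,
    FXP_OPENDIR = 11, FXP_READDIR = 12, FXP_REMOVE = 13, FXP_MKDIR = 14,
    FXP_RMDIR = 15, FXP_REALPATH = 16, FXP_STAT = 17, FXP_RENAME = 18,
    FXP_READLINK = 19, FXP_SYMLINK = 20, FXP_EXTENDED = 200
};

/* Hypothetical gate: may this request type run in the current session? */
bool sftp_request_allowed(uint8_t type, bool restricted)
{
    if (!restricted)
        return true;
    switch (type) {
    case FXP_INIT: case FXP_OPEN: case FXP_CLOSE:       /* session, handles */
    case FXP_READ: case FXP_WRITE:                      /* get, put */
    case FXP_STAT: case FXP_LSTAT: case FXP_FSTAT:      /* read-only attrs */
    case FXP_OPENDIR: case FXP_READDIR: case FXP_REALPATH: case FXP_READLINK:
        return true;
    default:
        /* Default deny: setstat/fsetstat, mkdir, rmdir, rename, symlink, remove
         * (assumption), unknown types, and FXP_EXTENDED (e.g. posix-rename). */
        return false;
    }
}

/* Count how many requests in a sequence the gate would refuse. */
size_t count_denied(const uint8_t *types, size_t n, bool restricted)
{
    size_t denied = 0;
    for (size_t i = 0; i < n; i++)
        if (!sftp_request_allowed(types[i], restricted))
            denied++;
    return denied;
}

int main(void)
{
    /* Constructed session: listing, upload, then mkdir and an extended request. */
    const uint8_t s[] = { FXP_OPENDIR, FXP_READDIR, FXP_OPEN, FXP_WRITE, FXP_MKDIR, FXP_EXTENDED };
    printf("denied when restricted: %zu\n", count_denied(s, sizeof s, true));
    return 0;
}
```

Denying by default rather than listing the prohibited types means extended requests and any type added later are refused until they are reviewed.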
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-12 19:40 UTC
[Bug 1979] Enhancement patch: Restrict sftp-server to basic commands, by user or group
bugzilla.mindrot.org/show_bug.cgi?id=1979

--- Comment #1 from Jeremy Monin <jdmossh at nand.net> 2012-02-13 06:40:01 EST ---

Created attachment 2129
  --> bugzilla.mindrot.org/attachment.cgi?id=2129
Patch versus 5.9
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-12 19:40 UTC
[Bug 1979] Enhancement patch: Restrict sftp-server to basic commands, by user or group
bugzilla.mindrot.org/show_bug.cgi?id=1979

Jeremy Monin <jdmossh at nand.net> changed:

What                       |Removed                   |Added
----------------------------------------------------------------------------
Attachment #2128 mime type |application/octet-stream  |text/plain
Attachment #2128 is patch  |0                         |1
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-12 19:40 UTC
[Bug 1979] Enhancement patch: Restrict sftp-server to basic commands, by user or group
bugzilla.mindrot.org/show_bug.cgi?id=1979

Jeremy Monin <jdmossh at nand.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |jdmossh at nand.net
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-18 07:28 UTC
[Bug 1979] Enhancement patch: Restrict sftp-server to basic commands, by user or group
bugzilla.mindrot.org/show_bug.cgi?id=1979

cludvigg56 at yahoo.com changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |cludvigg56 at yahoo.com

--- Comment #2 from cludvigg56 at yahoo.com 2012-06-18 17:28:02 EST ---

Hi Jeremy,

I would just like to ask how to apply this patch? (Sorry, just a noob in Linux.)