Dmitry Belyavskiy
2022-Dec-16 12:29 UTC
Permissions of the files and directory created by sftp-server.
Dear colleagues, I want to draw your attention to this proposal: https://github.com/openssh/openssh-portable/pull/351 This is to add two options (-m and -M) to sftp-server in order to force the permission of the files and directory created by sftp-server. Some applications have a requirement for the permission of the files and directories which are created by the sftp-server. Now, some permission can be excluded by -u option, but the base permission comes from the original permission on the client side. And, it cannot be controlled by the sftp-server side completely. The -m option is for files, and the -M option is for directories. The patch is partially implemented and as downstream in RH-based distributions and works quite well. -- Dmitry Belyavskiy
Robinson, Herbie
2022-Dec-16 13:47 UTC
[EXTERNAL] Permissions of the files and directory created by sftp-server.
That sounds great. It would be even greater if it was in the config file and supported POSIX ACLs, too.>From Phone________________________________ From: openssh-unix-dev <openssh-unix-dev-bounces+herbie.robinson=stratus.com at mindrot.org> on behalf of Dmitry Belyavskiy <dbelyavs at redhat.com> Sent: Friday, December 16, 2022 7:29:03 AM To: OpenSSH Devel List <openssh-unix-dev at mindrot.org> Subject: [EXTERNAL] Permissions of the files and directory created by sftp-server. [EXTERNAL SENDER: This email originated from outside of Stratus Technologies. Do not click links or open attachments unless you recognize the sender and know the content is safe.] Dear colleagues, I want to draw your attention to this proposal: https://github.com/openssh/openssh-portable/pull/351<https://github.com/openssh/openssh-portable/pull/351> This is to add two options (-m and -M) to sftp-server in order to force the permission of the files and directory created by sftp-server. Some applications have a requirement for the permission of the files and directories which are created by the sftp-server. Now, some permission can be excluded by -u option, but the base permission comes from the original permission on the client side. And, it cannot be controlled by the sftp-server side completely. The -m option is for files, and the -M option is for directories. The patch is partially implemented and as downstream in RH-based distributions and works quite well. -- Dmitry Belyavskiy _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev at mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev<https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>