similar to: ftp-server patch - restrict user to directory

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

This is another take on logging for sftp-server. Given the number of private email requests I've received for this patch, I assume there is signifigant enough interest to request it be reviewed for inclusion into the release. The patch is against 3.1p1, and is completely disabled by default. To enable logging, one must use compile time directives (-DSFTP_LOGGING). This was done due to prior

One of the features missing in sftp is the ability to transfer a symlink. This patch adds a new command to sftp which performs this transfer. Note that it uses messages that already exist in the protocol between client and server. This diff is based on OpenSSH 3.4p1. *** sftp-client.c@@\main\1 Tue Oct 1 17:26:20 2002 --- sftp-client.c Wed Oct 23 15:57:34 2002 *************** *** 666,672 ****

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

This patch adds a readonly mode to scp and sftp_server. This allows clients to only read files from the server, but not to write them. Patch is based on OpenSSH 3.4p1 *** scp.c@@\main\1 Tue Oct 1 17:25:16 2002 --- scp.c Wed Oct 2 06:05:14 2002 *************** *** 122,127 **** --- 122,130 ---- /* This is set to zero if the progressmeter is not desired. */ int showprogress = 1; + /* deny

Sorry to repost, but I finally have the code on a machine that has diff -u, and I've updated it for 2.9p2. Attached is the unified diff to add logging of SFTP activity to auth.info. If there is a more proper way to contrib patches, please let me know. Cheers, Jason # "Jason A. Dour" <jason at dour.org> http://dour.org/ # Founder / Executive Producer - PJ

Here's a patch that adds support for the creation of hard links over SFTP. Hard links are not used very often nowdays, but they do still have their uses and this is currently the most often requested improvement for SSHFS. To detect hard links the st_nlink, st_dev and st_ino attributes are usually used. I'll also post patches adding extensions for these and other attributes. Please

This is needed to be able to support a rename() operation conforming to POSIX in the SSH filesystem. With the rename operation defined in the SFTP spec, this is impossible, since in case the target exists it's not possible to perform the rename+unlink atomically. Miklos Index: ssh/sftp-server.c =================================================================== --- ssh.orig/sftp-server.c

The get_handle function can return a negative value. The variable that value is assigned to is eventually passed to handle_close which uses the value as an array index thus not being able to handle negative values. This patch adds the return code check and provides an appropriate error exit in the event of a negative return code. This entire set of patches passed the regression tests on my

And while we are at it, can you please comment on these patches as well, originally submitted around one year ago. Oh, and I think we can agree, that the secsh-filexfer standardization is dead, so there's not much point in trying to support newer protocol versions, which don't have statfs anyway. Thanks, Miklos ----- This is needed to be able to support statfs operation on an SSH

Sftp fails to correctly preserve permissions when fetching a file. It adds write permission for the owner (presumably so it can write the file). Sftp also fails to preserve the uid/gid. Added code so that if is running as root, uid and gid are preserved. patch is based on Openssh 3.4p1. *** sftp-client.c@@\main\1 Tue Oct 1 17:26:20 2002 --- sftp-client.c Tue Nov 5 10:22:52 2002

I'm working on setting up a semi-trusted sftp service, and to get it working, I need chroot capability. I've taken the /./ wuftpd magic token code from contrib/chroot.diff and put it into the sftp server. The main problem is that privileges have been dropped by the time the subsystem is exec'ed, so my patch requires that sftp-server be setuid root. Not ideal, I know, but I drop all

Hi, Thanks a lot for this great software :) I'm trying to do something to secure my server. I need to disable removing file or removing directory using SFTP. In other words, the user can only write, move but not delete the file. This will be used to store logs so, I need to make sure once the logs written to my server the user cannot remove it. I tried doing this by changing the code of

Is there an alternative to using link(2) to rename files in sftp-server? Some users use sftp to upload files to a vfat partition on an sftp-server, and then renaming doesn't work. This breaks konqueror, for example (from KDE, which u), which upload files first with a ".part" extension and then renames them removing this extension.

Commit-ID: ebdc262bd8a4d650c58de48f67e6b08aeb953a8f Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=ebdc262bd8a4d650c58de48f67e6b08aeb953a8f Author: Ben Hutchings <ben at decadent.org.uk> AuthorDate: Mon, 16 Jul 2018 18:24:08 +0100 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Fri, 18 Jan 2019 03:10:14 +0000 [klibc] rename, renameat: Use

http://bugzilla.mindrot.org/show_bug.cgi?id=861 Summary: Swapped parameters of SSH_FXP_SYMLINK packet of SFTP protocol Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo:

Hi, I've already discussed this issue in SSHSCI's SSH 2.2 context on ssh at clinet.fi list. My standpoint is that it's wrong and meaningless to perform chown in sftp-server as the file is most likely copied between systems with distinct accounting system where user is not necessarily (and even unlikely) has same numeric user id. The original bug report was that user couldn't

Hello, Couple of days ago, I received a request from a customer. He wants to provide sftp users access to a directory tree containing files. The users must have full rights, but he also wants to avoid moving or deleting directories. This is mostly to prevent mistakenly drag and drop from user's graphical client (Filezilla). Said differently, he wants to protect the directories organization.

New architectures only define the renameat2() system call, which was added in Linux 3.15. Define rename() and renameat() as wrappers for it if necessary. Signed-off-by: Ben Hutchings <ben at decadent.org.uk> --- --- a/usr/klibc/Kbuild +++ b/usr/klibc/Kbuild @@ -59,7 +59,8 @@ klib-y += vsnprintf.o snprintf.o vsprint inet/inet_ntoa.o inet/inet_aton.o inet/inet_addr.o \

Details of the changes in second patch set as outlined in the first mail of this series: -------------------------------------------------------------------------------------------------------------------------- diff --git a/usr/include/arch/aarch64/klibc/archconfig.h b/usr/include/arch/aarch64/klibc/archconfig.h index 5cc1e7e..5ee278d 100644 --- a/usr/include/arch/aarch64/klibc/archconfig.h +++