similar to: SFTP subsystem and explicit file permissions

Hello again, Even with umask working (thanks very much!) I have found that I require more control over file permissions with sftp-server/internal-sftp. Please see the attached patch. It adds yet another option to sftp-server (-m) that will force file permissions. I have a been running a patched version of 5.6p1 under RHEL4 in production with no problems. Please consider including this change

https://bugzilla.mindrot.org/show_bug.cgi?id=1844 Summary: Explicit file permissions enhancement to sftp-server Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain SFTP-only users. I use the following lines in my sshd_config file: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp It works great. The problem is that some of my users need umask 002 for their uploads. I tried a few ways to achieve this: * set umask in sshrc,

Maybe one of you can help. We have set up a CentOS server so that each user who logs in via sftp will be jailed in their home directory. Here's the relevant sshd_config: # override default of no subsystems Subsystem sftp internal-sftp -f LOCAL2 -l INFO Match Group sftponly ChrootDirectory /home/%u ForceCommand internal-sftp This actually works great, but none of

https://bugzilla.mindrot.org/show_bug.cgi?id=2282 Bug ID: 2282 Summary: When group member count exceeds 126, config reliant fails Product: Portable OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sftp-server

https://bugzilla.mindrot.org/show_bug.cgi?id=3207 Bug ID: 3207 Summary: Match blocks ignored in files processed by Include Product: Portable OpenSSH Version: 8.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hope ya'all can help! Been reading and reading, and adjusting... to no avail. We need to have chroot'd SFTP activities logged on a file server and for whatever reason, I simply cannot get it to log with users that are chroot'd (this is necessary for auditing and HIPAA - so it is pretty important) I have tried with Fedora 11/12 and even an older Fedora 8 server, the same results: 1.

hi! i need ssh users and sftp users on my server. they don't mix so sftp users have a /bin/false as their shell. however when i try a ssh connect to such a user. he does not get disconnected but hangs forever. can it be that sshd searches foer /bin/false in the chroot environment? but i tried to place it there including ldd requirements. no success. i just want sftp users to get no shell

Hello: I got the error EXDEV (Invalid cross-device link) when renaming one file to another directory that is actually mounting another file system. I am using SSH-2.0-OpenSSH_6 with standard SFTP setup as below Subsystem sftp internal-sftp Match group sftponly ChrootDirectory /home/sftp/%u X11Forwarding no AllowTcpForwarding no ForceCommand

Hello, I have noticed that the -u parameter to the sftp-server or internal-sftp subsystem is not working correctly. For openssh-5.6p1 I believe that the problem lies in this code, starting at line 1414 in sftp-server.c: ---------------------------------------------------------- case 'u': mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg); if (errmsg != NULL)

HI: I tried to deploy a SFTP server with chroot but when i tried to connnect the client send the next error: Write failed: Broken pipe Couldn't read packet: Connection reset by peer The sshd_conf file is the next: ------------------------------------------------------------------- # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and

https://bugzilla.mindrot.org/show_bug.cgi?id=1616 Summary: root owned empty subdirs are deletable by chroot users Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

Hello! Please take a look at this problem: 1. at sshd_config: Subsystem sftp internal-sftp Match group sftponly ? ? ? ? ?ChrootDirectory /public ? ? ? ? ?X11Forwarding no ? ? ? ? ?AllowTcpForwarding no ? ? ? ? ?ForceCommand internal-sftp 2. at client's bash: sshfs server:/ /home/kr/krpub-mount -o uid=$(id -u kr) -o gid=$(id -g kr) -o allow_other -o default_permissions -o reconnect -o

https://bugzilla.mindrot.org/show_bug.cgi?id=1527 Summary: ForceCommand internal-sftp needs a way to enable logging Product: Portable OpenSSH Version: 5.1p1 Platform: Itanium2 OS/Version: HP-UX Status: NEW Severity: minor Priority: P4 Component: sftp-server AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=1951 Bug #: 1951 Summary: Add home directory facility for chrooted environments Classification: Unclassified Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd

Hi I'm using Centos 5 with Openssh-5.0p1 installed (and OpenSSL 0.98b and Zlib 1.2.3-3). I've managed to get a chroot'd SFTP session using ChrootDirectory and the new built-in SFTP subsystem. However, when I use SSH to connect to the same account the session hangs rather than closing the connection. This happens whether or not I use /sbin/nologin /bin/false or even /bin/sh

On Sat, 11 Nov 2023, Bob Proulx wrote: > I am supporting a site that allows members to upload release files. I > have inherited this site which was previously existing. The goal is > to allow members to file transfer to and from their project area for > release distribution but not to allow general shell access and not to > allow access to other parts of the system. > >

On 12.11.23 03:52, Damien Miller wrote: > On Sat, 11 Nov 2023, Bob Proulx wrote: > >> I am supporting a site that allows members to upload release files. I >> have inherited this site which was previously existing. The goal is >> to allow members to file transfer to and from their project area for >> release distribution but not to allow general shell access and not

Hi guys, I have a server setup with openssh-5.0p1 and use some users as sftp-only chroot accounts. The following configuration yields exactly the result I want: user is chrooted, logs to syslog, all is good. #================================================# Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE Match User fredwww ChrootDirectory %h #ForceCommand internal-sftp

Hi all, I am using Match directive and internal-sftp to chroot sftp users into their directory. Connection and login works. I can change directories and put/get files. Also logging of the internal sftp-process works (created a /dev/log socket inside the chroot). As soon as I use the 'ls' command, nothing happens and the the process gets stuck. Listing files does work as soon as I remove