Displaying 20 results from an estimated 3000 matches similar to: "SFTP subsystem and explicit file permissions"
2010 Nov 04
1
Explicit file permissions for sftp-server
Hello again,
Even with umask working (thanks very much!) I have found that I require
more control over file permissions with sftp-server/internal-sftp.
Please see the attached patch. It adds yet another option to
sftp-server (-m) that will force file permissions.
I have a been running a patched version of 5.6p1 under RHEL4 in
production with no problems. Please consider including this change
2010 Dec 09
3
[Bug 1844] New: Explicit file permissions enhancement to sftp-server
https://bugzilla.mindrot.org/show_bug.cgi?id=1844
Summary: Explicit file permissions enhancement to sftp-server
Product: Portable OpenSSH
Version: 5.6p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
2009 Jan 09
1
setting umask for internal-sftp users
I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to setup chroot jails for certain
SFTP-only users. I use the following lines in my sshd_config file:
Match Group sftponly
ChrootDirectory /home/chroot-%u
ForceCommand internal-sftp
It works great.
The problem is that some of my users need umask 002 for their uploads. I tried a few ways to
achieve this:
* set umask in sshrc,
2010 Feb 10
1
Syslog for chroot-jailed SFTP users?
Maybe one of you can help. We have set up a CentOS server so that
each user who logs in via sftp will be jailed in their home directory.
Here's the relevant sshd_config:
# override default of no subsystems
Subsystem sftp internal-sftp -f LOCAL2 -l INFO
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
This actually works great, but none of
2014 Sep 24
11
[Bug 2282] New: When group member count exceeds 126, config reliant fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2282
Bug ID: 2282
Summary: When group member count exceeds 126, config reliant
fails
Product: Portable OpenSSH
Version: 5.3p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sftp-server
2020 Aug 31
2
[Bug 3207] New: Match blocks ignored in files processed by Include
https://bugzilla.mindrot.org/show_bug.cgi?id=3207
Bug ID: 3207
Summary: Match blocks ignored in files processed by Include
Product: Portable OpenSSH
Version: 8.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at
2010 Jul 10
1
internal-sftp and logging not working with Fedora and chroot using 5.5?
Hope ya'all can help!
Been reading and reading, and adjusting... to no avail.
We need to have chroot'd SFTP activities logged on a file server and for
whatever reason, I simply cannot get it to log with users that are chroot'd
(this is necessary for auditing and HIPAA - so it is pretty important)
I have tried with Fedora 11/12 and even an older Fedora 8 server, the same
results:
1.
2009 Jun 13
0
openssh sftp chroot /bin/false
hi!
i need ssh users and sftp users on my server. they don't mix so sftp users have a /bin/false
as their shell.
however when i try a ssh connect to such a user. he does not get disconnected but hangs forever.
can it be that sshd searches foer /bin/false in the chroot environment?
but i tried to place it there including ldd requirements. no success.
i just want sftp users to get no shell
2013 Jan 18
1
sftp does not allow rename across file system
Hello:
I got the error
EXDEV (Invalid cross-device link)
when renaming one file to another directory that is actually mounting
another file system.
I am using SSH-2.0-OpenSSH_6
with standard SFTP setup as below
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /home/sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand
2010 Nov 02
1
SFTP subsystem and umask
Hello,
I have noticed that the -u parameter to the sftp-server or internal-sftp subsystem is not working correctly. For openssh-5.6p1 I believe that the problem lies in this code, starting at line 1414 in sftp-server.c:
----------------------------------------------------------
case 'u':
mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg);
if (errmsg != NULL)
2010 Jul 14
1
SFTP Chroot
HI:
I tried to deploy a SFTP server with chroot but when i tried to connnect the
client send the next error:
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer
The sshd_conf file is the next:
-------------------------------------------------------------------
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and
2009 Jun 30
5
[Bug 1616] New: root owned empty subdirs are deletable by chroot users
https://bugzilla.mindrot.org/show_bug.cgi?id=1616
Summary: root owned empty subdirs are deletable by chroot users
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
2009 Jun 12
0
can you stop the trouble with file masks and default permissions?
Hello!
Please take a look at this problem:
1. at sshd_config:
Subsystem sftp internal-sftp
Match group sftponly
? ? ? ? ?ChrootDirectory /public
? ? ? ? ?X11Forwarding no
? ? ? ? ?AllowTcpForwarding no
? ? ? ? ?ForceCommand internal-sftp
2. at client's bash:
sshfs server:/ /home/kr/krpub-mount -o uid=$(id -u kr) -o gid=$(id -g kr) -o
allow_other -o default_permissions -o reconnect -o
2008 Sep 23
3
[Bug 1527] New: ForceCommand internal-sftp needs a way to enable logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1527
Summary: ForceCommand internal-sftp needs a way to enable
logging
Product: Portable OpenSSH
Version: 5.1p1
Platform: Itanium2
OS/Version: HP-UX
Status: NEW
Severity: minor
Priority: P4
Component: sftp-server
AssignedTo:
2011 Nov 18
4
[Bug 1951] New: Add home directory facility for chrooted environments
https://bugzilla.mindrot.org/show_bug.cgi?id=1951
Bug #: 1951
Summary: Add home directory facility for chrooted environments
Classification: Unclassified
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
2008 Apr 15
0
ChrootDirectory - SFTP subsystem works fine but SSH hangs
Hi
I'm using Centos 5 with Openssh-5.0p1 installed (and OpenSSL 0.98b and
Zlib 1.2.3-3). I've managed to get a chroot'd SFTP session using
ChrootDirectory and the new built-in SFTP subsystem. However, when I
use SSH to connect to the same account the session hangs rather than
closing the connection. This happens whether or not I use
/sbin/nologin /bin/false or even /bin/sh
2023 Nov 12
2
restrict file transfer in rsync, scp, sftp?
On Sat, 11 Nov 2023, Bob Proulx wrote:
> I am supporting a site that allows members to upload release files. I
> have inherited this site which was previously existing. The goal is
> to allow members to file transfer to and from their project area for
> release distribution but not to allow general shell access and not to
> allow access to other parts of the system.
>
>
2023 Nov 12
1
restrict file transfer in rsync, scp, sftp?
On 12.11.23 03:52, Damien Miller wrote:
> On Sat, 11 Nov 2023, Bob Proulx wrote:
>
>> I am supporting a site that allows members to upload release files. I
>> have inherited this site which was previously existing. The goal is
>> to allow members to file transfer to and from their project area for
>> release distribution but not to allow general shell access and not
2008 Jun 20
1
ForceCommand internal-sftp causes sftp logging to fail (openssh-5.0p1)
Hi guys,
I have a server setup with openssh-5.0p1 and use some users as
sftp-only chroot accounts.
The following configuration yields exactly the result I want:
user is chrooted, logs to syslog, all is good.
#================================================#
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE
Match User fredwww
ChrootDirectory %h
#ForceCommand internal-sftp
2014 Mar 17
1
internal-sftp stuck on 'ls' with chrootdirectory
Hi all,
I am using Match directive and internal-sftp to chroot sftp users into their
directory. Connection and login works. I can change directories and put/get
files. Also logging of the internal sftp-process works (created a /dev/log
socket inside the chroot). As soon as I use the 'ls' command, nothing
happens and the the process gets stuck. Listing files does work as soon as I
remove