Am 24.03.2014 13:21, schrieb Florian Weimer: > On 03/24/2014 01:06 PM, Reindl Harald wrote: > >> Am 24.03.2014 12:57, schrieb Nicolas Mailhot: >>> Le Sam 22 mars 2014 01:20, Miloslav Trmač a écrit : >>> >>>> The RHEL documentation, apart from fully describing the abilities, >>>> specifically describes two uses: a ftpd banner >>> >>> Surprisingly, ftp is still widely used entreprise-side, because ssh is >>> giving too much access >> >> no, it is easy to restrict ssh to ONLY sftp and chroot and with >> simple bind-mounts you can completly replace ftp, doing that here >> in production over years with 3 simple scripts > > It's still very difficult to securely process uploaded files under a different user account. Some SFTP clients set > restrictive permissions on upload, and the OpenSSH implementation does not allow to bypass that. man umask [root@rh:/downloads]$ cat /etc/ssh/sshd_config | grep internal-sftp Subsystem sftp internal-sftp -u 006
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
