Re: OT: seeking help with uploading files via sftp and preventing their subsequent deletion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/10/2014 04:05 PM, Erik Steffl wrote:
On 10/10/2014 12:51 PM, Ivica Ico Bukvic wrote:
All,

I am in a bit of a time-bind and am wondering if anyone could help me
with this. Namely, I am trying to cobble a sftp system where conference
participants may want to upload their proposed submissions and once they
are uploaded that they are unable to delete their own or anyone else's
submission. Going with commercial solutions is not an option.

So, what I did so far is change /etc/ssh/sshd_config so that sftp
chroots said user's home dir, and prevents access via ssh. I also
created a sftponly group and added the user to it. I adjusted home dir
permissions and created a subfolder "submissions" where users can submit
their projects. Finally, I added umask to strip permissions from
uploaded files.

So, the /etc/ssh/sshd_config has the following entry

Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp -u 0222
X11Forwarding no
AllowTcpForwarding no

So, everything works, except no matter what permissions assign via
umask, even if I change ownership manually via a different ssh user
session, sftp client can still erase the file. How is this possible? And

delete is an operation on directory, meaning they can delete file if they have write access to directory which they need to be able to create files.

Except how can one do this via sftp even if the file permission has been changed 000 (meaning no permissions)? Via ssh that is not the case at all and I thought that sftp's backend is ssh?


more importantly, how can one circumvent that? And perhaps most
importantly is there an easier way to do this?

seem like you can whitelist and blacklist sftp commands, so just don't allow delete? See man sftp and -p and -P options. Didn't actually try it but it seems like it would do what you want.

How would I go about doing that only for a specific user? Where would I store/change such sftp options?


    erik


Below are permissions of folders in question:

drwxr-xr-x 3 root USER 4096 Oct 10 15:21 .
drwxr-xr-x 36 root root 4096 Oct 7 12:16 ..
drwxr-xr-x 2 USER sftponly 4096 Oct 10 19:39 submissions

Any idea how this can be fixed?


_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@xxxxxxxxxxxxxxxxxxxx
http://lists.linuxaudio.org/listinfo/linux-audio-user


--
Ivica Ico Bukvic, D.M.A.
Associate Professor
Computer Music
ICAT Senior Fellow
DISIS, L2Ork
Virginia Tech
School of Performing Arts - 0141
Blacksburg, VA 24061
(540) 231-6139
ico@xxxxxx
www.performingarts.vt.edu
disis.music.vt.edu
l2ork.music.vt.edu

_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@xxxxxxxxxxxxxxxxxxxx
http://lists.linuxaudio.org/listinfo/linux-audio-user




[Index of Archives]     [Linux Sound]     [ALSA Users]     [Pulse Audio]     [ALSA Devel]     [Sox Users]     [Linux Media]     [Kernel]     [Photo Sharing]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux