Re: OT: seeking help with uploading files via sftp and preventing their subsequent deletion

On Fri, 10 Oct 2014, Ivica Ico Bukvic wrote:

> On 10/10/2014 05:08 PM, Len Ovens wrote:
>> On Fri, 10 Oct 2014, Ivica Ico Bukvic wrote:
>>
>>> So, everything works, except no matter what permissions I assign via umask, even if I change ownership manually via a different ssh user session, the sftp client can still erase the file. How is this possible? And more importantly, how can one circumvent that? And perhaps most importantly, is there an easier way to do this?
>>>
>>> Below are the permissions of the folders in question:
>>>
>>> drwxr-xr-x 3 root USER 4096 Oct 10 15:21 .
>>> drwxr-xr-x 36 root root 4096 Oct 7 12:16 ..
>>> drwxr-xr-x 2 USER sftponly 4096 Oct 10 19:39 submissions
>>>
>>> Any idea how this can be fixed?
>>
>> I don't know how easy it would be to do, but on uploading, create a hard link to a file in a directory on the same drive where the user does not have access. The hard link can have a different owner/permissions. Once the upload is complete, unlink the original uploaded file. This is effectively a mv, but with owner/permissions changed. The file doesn't have to be fully uploaded before the link is created so long as the filename is already in the directory... but watch for an sftp client that uploads under an upload name, but creates a zero length file with the final uploaded name to save the file name on the disk and then mv the uploaded file to that name. You may have to look for both names (they are normally similar). You could write a simple service that just watches the upload directory for new files and fixes them that way.
>
> Thanks for the advice. This, however, needs to be as automated as possible, meaning we give access to the submitter and they do it all themselves.

It is automated. A script (bash, perl, python, whatever) is created in the form:

----------------------8<---------------
#!/bin/bash
# watch the sftp upload directory; move finished uploads out of the user's reach
UPLOAD_DIR=/home/USER/submissions      # where the sftp client writes
SAFE_DIR=/srv/submissions-archive      # same filesystem, not reachable by the sftp user
STAMP=/var/run/sftp-watch.stamp        # "$time = time": its mtime marks the last pass
touch "$STAMP"
while true; do
    touch "$STAMP.next"                # take the new timestamp before scanning
    # look for files created since the last pass (ctime, so a client-preserved mtime can't hide them)
    find "$UPLOAD_DIR" -maxdepth 1 -type f -cnewer "$STAMP" | while read -r f; do
        # check if upload is complete: skip files sftp-server still holds open
        lsof -- "$f" >/dev/null 2>&1 && continue
        # create hard link in the protected directory, set perm, unlink the uploaded file
        ln "$f" "$SAFE_DIR/${f##*/}" || continue
        chown archive:archive "$SAFE_DIR/${f##*/}"   # placeholder owner; needs root (as does ln with fs.protected_hardlinks=1)
        chmod 0440 "$SAFE_DIR/${f##*/}"
        rm -f "$f"
    done
    mv "$STAMP.next" "$STAMP"
    sleep 1                            # wait a second (save cpu cycles)
done
-------------------8<------------------

Run this from /etc/init.d

It may be simpler to watch a log file looking for sftp files that have been uploaded to that directory by running /log/logfile through tail -f and parsing.


It should run as a different user than any login name (no password) and the directory/files should be read only by anyone else.

Just a thought, does changing the owner of the file as well as perm have any effect? Generally the owner of a readonly file can still delete it. rm asks first, sftp may not. The owner can change the write bit for their own file and sftp may try to do so and delete if successful.


--
Len Ovens
www.ovenwerks.net
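Two points in this reply worth seeing in a terminal: unlink is decided by the directory's permissions rather than the file's (which is why a read-only file in a user-owned directory is still deletable), and the hard-link-then-unlink trick works because the data never moves. This is an added demonstration, not Len's script or anything from the original thread; it uses fresh temporary directories, constructed file content, and GNU `stat -c %h` for the link count.

```shell
#!/bin/bash
# Added example: directory permissions govern unlink; hard link + unlink moves a
# finished upload out of the uploader's reach. Paths are temp dirs, content is constructed.

# a 0444 file in a directory you can write is still deletable (true for any user)
file_mode_does_not_protect() {
    local d f rc
    d=$(mktemp -d); f="$d/upload.wav"
    echo "constructed sample upload" > "$f"
    chmod 0444 "$f"
    rm -f "$f" 2>/dev/null          # rm -f: no prompt about the read-only mode
    rc=0; [ -e "$f" ] && rc=1       # 0 = file is gone despite mode 0444
    rm -rf "$d"; return $rc
}

# remove the directory's write bit instead and unlink is refused (non-root users)
readonly_dir_blocks_unlink() {
    local d f rc
    d=$(mktemp -d); f="$d/upload.wav"
    echo "constructed sample upload" > "$f"
    chmod 0555 "$d"
    rc=1; rm -f "$f" 2>/dev/null || rc=0   # 0 = rm failed with permission denied
    chmod 0755 "$d"; rm -rf "$d"; return $rc
}

# Len's trick: link the finished upload into a directory the sftp user cannot enter,
# then drop the user's name for it; the inode and its data never move.
move_out_of_reach() {
    local up safe f kept rc
    up=$(mktemp -d); safe=$(mktemp -d)     # mktemp puts both on the same filesystem
    f="$up/track.wav"; kept="$safe/track.wav"
    echo "constructed sample upload" > "$f"
    ln "$f" "$kept" && chmod 0440 "$kept" && rm -f "$f"
    rc=1
    if [ ! -e "$f" ] && [ "$(stat -c %h "$kept")" = 1 ] \
       && [ "$(cat "$kept")" = "constructed sample upload" ]; then rc=0; fi
    rm -rf "$up" "$safe"; return $rc
}

file_mode_does_not_protect && echo "0444 file in a writable dir: deleted anyway"
readonly_dir_blocks_unlink && echo "file in a 0555 dir: unlink refused"
move_out_of_reach && echo "hard link + unlink: upload now only reachable via the safe dir"
```

Run as root the second check reports nothing, since root ignores the directory write bit; run as the sftp user it shows the refusal that a plain file-mode change never produces.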

_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@xxxxxxxxxxxxxxxxxxxx
http://lists.linuxaudio.org/listinfo/linux-audio-user



