Re: OT: seeking help with uploading files via sftp and preventing their subsequent deletion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Oct 10, 2014 at 03:51:29PM -0400, Ivica Ico Bukvic wrote:
> All,
> 
> I am in a bit of a time-bind and am wondering if anyone could help me 
> with this. Namely, I am trying to cobble a sftp system where conference 
> participants may want to upload their proposed submissions and once they 
> are uploaded that they are unable to delete their own or anyone else's 
> submission. Going with commercial solutions is not an option.
> 
> So, what I did so far is change /etc/ssh/sshd_config so that sftp 
> chroots said user's home dir, and prevents access via ssh. I also 
> created a sftponly group and added the user to it. I adjusted home dir 
> permissions and created a subfolder "submissions" where users can submit 
> their projects. Finally, I added umask to strip permissions from 
> uploaded files.
> 
> So, the /etc/ssh/sshd_config has the following entry
> 
> Match Group sftponly
> ChrootDirectory /home/%u
> ForceCommand internal-sftp -u 0222
> X11Forwarding no
> AllowTcpForwarding no
> 
> So, everything works, except no matter what permissions assign via 
> umask, even if I change ownership manually via a different ssh user 
> session, sftp client can still erase the file. How is this possible? And 
> more importantly, how can one circumvent that? And perhaps most 
> importantly is there an easier way to do this?
> 
> Below are permissions of folders in question:
> 
> drwxr-xr-x 3 root USER 4096 Oct 10 15:21 .
> drwxr-xr-x 36 root root 4096 Oct 7 12:16 ..
> drwxr-xr-x 2 USER sftponly 4096 Oct 10 19:39 submissions
> 
> Any idea how this can be fixed?

An idea is to remove the destructive commands in sftp-server
and open a file in write mode only with the file creation flags
O_CREAT and O_EXCL, so it is impossible to overwrite a file.

A patch (no tested) for sftp-server.c (openssh 6) is

--- sftp-server.c~	2014-10-11 12:18:32.357980133 +0200
+++ sftp-server.c	2014-10-11 12:18:32.357980133 +0200
@@ -124,16 +124,14 @@
 
 	if ((pflags & SSH2_FXF_READ) &&
 	    (pflags & SSH2_FXF_WRITE)) {
-		flags = O_RDWR;
+		flags = O_RDWR | O_CREAT | O_EXCL;
 	} else if (pflags & SSH2_FXF_READ) {
 		flags = O_RDONLY;
 	} else if (pflags & SSH2_FXF_WRITE) {
-		flags = O_WRONLY;
+		flags = O_WRONLY | O_CREAT | O_EXCL;
 	}
 	if (pflags & SSH2_FXF_CREAT)
 		flags |= O_CREAT;
-	if (pflags & SSH2_FXF_TRUNC)
-		flags |= O_TRUNC;
 	if (pflags & SSH2_FXF_EXCL)
 		flags |= O_EXCL;
 	return flags;
@@ -1316,10 +1314,7 @@
 		process_fstat();
 		break;
 	case SSH2_FXP_SETSTAT:
-		process_setstat();
-		break;
 	case SSH2_FXP_FSETSTAT:
-		process_fsetstat();
 		break;
 	case SSH2_FXP_OPENDIR:
 		process_opendir();
@@ -1328,13 +1323,11 @@
 		process_readdir();
 		break;
 	case SSH2_FXP_REMOVE:
-		process_remove();
 		break;
 	case SSH2_FXP_MKDIR:
 		process_mkdir();
 		break;
 	case SSH2_FXP_RMDIR:
-		process_rmdir();
 		break;
 	case SSH2_FXP_REALPATH:
 		process_realpath();
@@ -1343,7 +1336,6 @@
 		process_stat();
 		break;
 	case SSH2_FXP_RENAME:
-		process_rename();
 		break;
 	case SSH2_FXP_READLINK:
 		process_readlink();
@@ -1352,7 +1344,6 @@
 		process_symlink();
 		break;
 	case SSH2_FXP_EXTENDED:
-		process_extended();
 		break;
 	default:
 		error("Unknown message %d", type);
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@xxxxxxxxxxxxxxxxxxxx
http://lists.linuxaudio.org/listinfo/linux-audio-user




[Index of Archives]     [Linux Sound]     [ALSA Users]     [Pulse Audio]     [ALSA Devel]     [Sox Users]     [Linux Media]     [Kernel]     [Photo Sharing]     [Gimp]     [Yosemite News]     [Linux Media]

  Powered by Linux