Re: [SFTP] Possibility for Adding "ForceFilePermission" option


On Thu, 2017-12-14 at 10:26 -0600, House Lee wrote:
> Hi,
> 
> I understand that if I specify `ForceCommand internal-sftp -u
> <umask>`, the permission of any files uploaded via sftp will be
> calculated by `<original permission> & ~umask`. However, this can be
> bypassed by the `-P` option of the `put` command. We are developing a
> shared hosting platform, therefore we definitely don’t want our users
> being able to upload any executable files. We cannot disable the x
> permission by umask because directories need the x permission.
> 
> Is there any possible way to accomplish this? Or is it possible to
> add a `ForceFilePermission` and `ForceDirPermission` option in the
> sshd_config?
> 
> Thanks & Best Regards,
> House


Hello,
during the last month, there were already two emails in this mailing list
discussing this issue:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036468.html

The patch has existed here since 2010 and it is currently used in
Fedora/RHEL to great satisfaction, though it was never accepted by
upstream, nor was there any official statement on whether they will
eventually accept this change or why not (in which I would be greatly
interested).

The best advice I have is to pull that patch from the linked thread above.
Or have some script that fixes the file permissions upon upload.

Regards,
Jakub

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
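
The second suggestion in the reply above, a script that fixes file permissions after upload, can be implemented as follows. This is an added example, not code from the original message, the linked patch, or OpenSSH; the function names and the idea of running it from cron or a file-watch hook are assumptions.

```shell
#!/bin/sh
# Added example: strip execute and setuid/setgid bits from regular files
# under an SFTP upload tree, leaving directories (which need x) untouched.
# Function names are hypothetical; pass your own upload root as argument 1.

# fix_upload_perms ROOT
# Prints each regular file whose mode was changed.
# Returns 2 if ROOT is not a real directory, otherwise find's exit status.
fix_upload_perms() {
    root=$1
    if [ -z "$root" ] || [ ! -d "$root" ] || [ -L "$root" ]; then
        echo "fix_upload_perms: '$root' is not a real directory" >&2
        return 2
    fi
    # No -L: find does not descend through symlinks, and -type f never
    # matches a symlink, so links pointing outside the tree are skipped.
    # Octal -perm tests are POSIX: any x bit, or setuid/setgid.
    find "$root" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \
           -o -perm -4000 -o -perm -2000 \) \
        -exec chmod a-x,u-s,g-s {} \; -print
}

# count_executable_files ROOT
# Number of regular files under ROOT that still carry any x bit.
count_executable_files() {
    find "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l | tr -d ' '
}

# Run as a script: ./fix-perms.sh <upload-root>
[ "$#" -eq 0 ] || fix_upload_perms "$1"
```

Unlike a server-side option, this leaves a window between upload and the next run in which the file is still executable. Run it as the account that owns the tree rather than root, because `chmod` follows a symlink swapped in between the `find` match and the `chmod` call.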



