Re: [SFTP] Possibility for Adding "ForceFilePermission" option

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Tue, 2017-12-19 at 02:03 +1030, David Newall wrote:
> On 18/12/17 22:33, Jakub Jelen wrote:
> > during last month, there were already two emails in this mailing
> > list
> > discussing [forced permissions]:
> > 
> > https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-
> > November/036468.html
> 
> This seems like a reasonable and useful feature.  It's simple to 
> implement, and, (apparently) there's already a patch to do it.
> 
> I can think of one reason why further thought is required.  It could
> be 
> argued that this needs to be determined per-user.  That is, should
> there 
> be some way to specify a group of users for whom permissions are not 
> forced; or, in the alternative, a group of users for whom
> permissions 
> must be forced.

The ForceCommand can accept argument with sftp-server/internal-sftp, it
can already appear in the Match blocks and therefore you can very
simply adjust the SFTP-only access for separate groups/users with this
simple patch.

What is missing is a force mode for directories, but I would consider
this as a minor issue, if it would be ever needed in real-world use
cases.

Regards,
Jakub

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux