On Tue, 2017-12-19 at 02:03 +1030, David Newall wrote:
> On 18/12/17 22:33, Jakub Jelen wrote:
> > during last month, there were already two emails in this mailing list
> > discussing [forced permissions]:
> >
> > https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036468.html
>
> This seems like a reasonable and useful feature. It's simple to
> implement, and, (apparently) there's already a patch to do it.
>
> I can think of one reason why further thought is required. It could be
> argued that this needs to be determined per-user. That is, should there
> be some way to specify a group of users for whom permissions are not
> forced; or, in the alternative, a group of users for whom permissions
> must be forced.

The ForceCommand can accept arguments with sftp-server/internal-sftp, it
can already appear in the Match blocks and therefore you can very simply
adjust the SFTP-only access for separate groups/users with this simple
patch.

What is missing is a force mode for directories, but I would consider
this as a minor issue, if it would ever be needed in real-world use
cases.

Regards,
Jakub
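
The per-group setup described in the reply above, as an added sshd_config sketch that is not part of the original message or of the patch under discussion. The group names and chroot path are hypothetical, and only options that stock sftp-server already accepts (`-u`, `-R`, `-l`) are used, because the message does not name the patch's force-permissions option.

```conf
# Added example: group names and paths are hypothetical.
# Use the in-process SFTP server so no helper binary is needed in a chroot.
Subsystem sftp internal-sftp

# Staff uploads: SFTP only, new files created under umask 0027.
# A force-permissions option from the discussed patch would be passed
# in this same argument list (its name is not given in the message).
Match Group sftp-staff
    ForceCommand internal-sftp -u 0027 -l INFO
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no
    X11Forwarding no

# Partner accounts: same SFTP-only restriction, but read-only access
# and more detailed transfer logging.
Match Group sftp-partners
    ForceCommand internal-sftp -R -l VERBOSE
    ChrootDirectory /srv/sftp/%u
    AllowTcpForwarding no
    X11Forwarding no

# Accounts in neither group fall through to the global settings
# and are not restricted to SFTP by this file.
```

Running `sshd -t` after editing checks the syntax, and `sshd -T -C user=NAME,host=HOST,addr=ADDR` prints the effective settings for a given connection so the ForceCommand each group ends up with can be confirmed.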