Bugzilla – Attachment 1973 Details for
Bug 1844
Explicit file permissions enhancement to sftp-server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Force file permissions for sftp-server
openssh-forcefileperm.patch (text/plain), 2.55 KB, created by
Rob Candland
on 2010-12-10 10:59:28 AEDT
(
hide
)
Description:
Force file permissions for sftp-server
Filename:
MIME Type:
Creator:
Rob Candland
Created:
2010-12-10 10:59:28 AEDT
Size:
2.55 KB
patch
obsolete
>diff -u openssh.orig/sftp-server.8 ssh/sftp-server.8 >--- openssh.orig/sftp-server.8 2010-12-09 15:56:17.969455644 -0700 >+++ ssh/sftp-server.8 2010-12-09 15:56:24.433451110 -0700 >@@ -34,6 +34,7 @@ > .Op Fl f Ar log_facility > .Op Fl l Ar log_level > .Op Fl u Ar umask >+.Op Fl m Ar force_file_permissions > .Sh DESCRIPTION > .Nm > is a program that speaks the server side of SFTP protocol >@@ -92,6 +93,10 @@ > .Xr umask 2 > to be applied to newly-created files and directories, instead of the > user's default mask. >+.It Fl m Ar force_file_permissions >+Sets explicit file permissions to be applied to newly-created files instead >+of the default or client requested mode. Numeric values include: >+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set. > .El > .Pp > For logging to work, >diff -u openssh.orig/sftp-server.c ssh/sftp-server.c >--- openssh.orig/sftp-server.c 2010-12-09 15:56:17.969455644 -0700 >+++ ssh/sftp-server.c 2010-12-09 15:56:24.437449634 -0700 >@@ -64,6 +64,10 @@ > /* Disable writes */ > int readonly; > >+/* Force file permissions */ >+int permforce = 0; >+long permforcemode; >+ > /* portable attributes, etc. */ > > typedef struct Stat Stat; >@@ -548,6 +552,10 @@ > a = get_attrib(); > flags = flags_from_portable(pflags); > mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; >+ if (permforce == 1) { /* Force perm if -m is set */ >+ mode = permforcemode; >+ (void)umask(0); /* so umask does not interfere */ >+ } > logit("open \"%s\" flags %s mode 0%o", > name, string_from_portable(pflags), mode); > if (readonly && >@@ -1362,8 +1370,8 @@ > extern char *__progname; > > fprintf(stderr, >- "usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n", >- __progname); >+"usage: %s [-ehR] [-f log_facility] [-l log_level] [-u umask]\n" >+" [-m force_file_permissions]\n", __progname); > exit(1); > } > >@@ -1382,7 +1390,7 @@ > > log_init(__progname, log_level, log_facility, log_stderr); > >- while (!skipargs && (ch = getopt(argc, argv, "f:l:u:cehR")) != -1) { >+ while (!skipargs && (ch = getopt(argc, argv, "f:l:u:m:cehR")) != -1) { > switch (ch) { > case 'R': > readonly = 1; >@@ -1415,6 +1423,15 @@ > fatal("Invalid umask \"%s\"", optarg); > (void)umask((mode_t)mask); > break; >+ case 'm': >+ /* Force permissions on file received via sftp */ >+ permforce = 1; >+ permforcemode = strtol(optarg, &cp, 8); >+ if (permforcemode < 0 || permforcemode > 0777 || >+ *cp != '\0' || (permforcemode == 0 && >+ errno != 0)) >+ fatal("Invalid file mode \"%s\"", optarg); >+ break; > case 'h': > default: > sftp_server_usage();
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1973">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1844
:
1973
|
2547
|
2872
|
3096
|
3098