Bug 430

Summary: Could add option to sftp-server to disable write access
Product: Portable OpenSSH
Reporter: gfernandez
Component: sftp-server
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED
Severity: enhancement
CC: djm, dtucker, shaken
Priority: P3    
Version: -current   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 1626    
Attachments:
- adds readonly flag to sftp-server (flags: none)
- Another sftp restriction patch (flags: none)
- /home/djm/sftp-ro.diff (flags: dtucker: ok+)

Description gfernandez 2002-11-08 00:31:23 AEDT
This considers adding a flag to the sftp-server which would disable all write 
operations on the server, effectively making the server readonly.
Comment 1 gfernandez 2002-11-08 00:32:25 AEDT
Created attachment 173
adds readonly flag to sftp-server

this applies to sftp-server.c
Comment 2 Damien Miller 2004-03-31 10:35:27 AEST
Created attachment 586
Another sftp restriction patch

This is another sftp restriction patch that has been floating around. I think I
prefer chroot though, but that requires sftp-server to be setuid.
Comment 3 Damien Miller 2005-04-21 19:02:29 AEST
hm, these really need extension of sshd's Subsystem directive to accept a
commandline argument.
Comment 4 Darren Tucker 2009-08-28 12:04:20 AEST
You can do this with the shiny new just-added sftp-server -u option: set it to mask off the write bits, e.g. in sshd_config:

Subsystem sftp sftp-server -u 0222

however this won't be available until the 5.4 release.
Comment 5 Darren Tucker 2009-08-28 12:26:34 AEST
Note to self: read bugs properly before closing.
Comment 6 Damien Miller 2010-01-04 14:00:26 AEDT
Created attachment 1763
/home/djm/sftp-ro.diff

Adds a -R commandline option to disable writes and other
filesystem-modifying options.
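
An added example (not part of the original bug thread or the OpenSSH source) that shows, in a local scratch directory, what a umask of 0222, the value passed to -u in comment 4, restricts: it only strips the write bits from newly created files, while creating files, appending to an already-writable file and deleting all still succeed. The function name and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: effect of umask 0222 (as in "sftp-server -u 0222").
# Everything happens in a throwaway directory; names are constructed.

umask_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1

        umask 0022
        echo "original" > existing.txt     # pre-existing file, mode 0644

        umask 0222                         # the mask from comment 4
        echo "uploaded" > new.txt          # creating a file is still allowed
        new_mode=$(ls -l new.txt | cut -c1-10)

        echo "appended" >> existing.txt    # an already-writable file stays writable
        lines=$(wc -l < existing.txt | tr -d ' ')

        rm -f new.txt                      # deletion depends on the directory, not the umask
        if [ -e new.txt ]; then removed=no; else removed=yes; fi

        echo "new_mode=$new_mode existing_lines=$lines removed=$removed"
    )
    status=$?
    rm -rf "$dir"
    return $status
}

umask_demo
```

The umask changes only the permission bits given to new files, so it cannot stand in for a read-only mode that refuses the write operations themselves.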
Comment 7 Darren Tucker 2010-01-05 11:27:32 AEDT
Comment on attachment 1763
/home/djm/sftp-ro.diff

>-.Op Fl eh
>+.Op Fl Reh

Aren't these supposed to be alphabetized?

>-	    "usage: %s [-eh] [-f log_facility] [-l log_level] [-u umask]\n",
>+	    "usage: %s [-Reh] [-f log_facility] [-l log_level] [-u umask]\n",

Ditto.

>-	while (!skipargs && (ch = getopt(argc, argv, "f:l:u:che")) != -1) {
>+	while (!skipargs && (ch = getopt(argc, argv, "f:l:u:Rche")) != -1) {

Ditto.

Other than that it looks OK to me.
Comment 8 Damien Miller 2010-01-09 11:21:15 AEDT
patch applied, will be in 4.5p1
Comment 9 Darren Tucker 2010-03-26 10:51:29 AEDT
With the release of 5.4p1, this bug is now considered closed.
Comment 10 shakenfr 2010-07-15 22:17:30 AEST
Hello,
Can this bug explain my problem on RedHat 5.3 and OpenSSH 4.3p2?

- on the server, /exec is in read-write mode
- I create a read-only mount of /exec (bind,ro) for a chrooted account
- ssh correctly denied the write in /exec (bind,ro)
But
  sftp executed by the chrooted user can write into /exec (bind,ro) !!!!

??