Bug 1715 - Integrate patch to provide ability to force 'umask' in sftp-server
Status: CLOSED DUPLICATE of bug 1229
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sftp-server
Version: 5.3p1
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
Reported: 2010-02-24 04:45 AEDT by Dennis Jenkins
Modified: 2010-04-16 15:51 AEST
Description Dennis Jenkins 2010-02-24 04:45:09 AEDT
Hello,

     I need to control the umask of files uploaded to an SFTP server running on Gentoo Linux.  Fortunately, Michael Martinez created just such a patch a long time ago [1].  He has been maintaining it on his own (my efforts to contact him have failed though).

     Unfortunately, I have a strong need for the install of all packages on our servers to be managed through the built-in package management system.  A manually installed version of openssh would get clobbered on each system update.

     If at all possible I would like the openssh development group to review his patch and consider it for inclusion into the openssh mainline.

     Before approaching the openssh group I had posted a feature request on the Gentoo Bugzilla [2].  The Gentoo team suggested that I bring the request to your attention first (makes sense to me).

     I would greatly appreciate any efforts in reviewing, approving and integrating this patch.  I am certainly willing to help test it.  If the openssh team integrates this patch, or similar functionality, then I will work with the Gentoo team to get them to update their openssh package.

     A little more information about my actual use case:

     I use the "chroot" and "internal-sftp" features.  I have the following in my "/etc/ssh/sshd_config" file:

Match group scponly
        ChrootDirectory /ftp-jail/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -l VERBOSE

     With this patch I am hoping that I can add "-sftpumask 0000" to the "ForceCommand" option.  The Gentoo (and Debian as I understand it) daemon monitoring program "start-stop-daemon" is used to manage the master "sshd" process.  This daemon sets the umask to "0022".  sshd and the internal sftp server do not appear to ever override that setting.  I did some "strace" tests on the sshd process as I uploaded a file.  I observed that while the file was opened with file access mode "0666" the resulting file on disk (actually an NFS share) was mode 0644.  My ultimate goal is to force the file to be 0666 (non-root processes need to be able to rename / move these uploaded files before processing them and possibly delete them afterwards).


     Thank you for your time.


[1a] http://sftpfilecontrol.sourceforge.net

[1b] http://sftpfilecontrol.sourceforge.net/download/v1.3/openssh-5.3p1.sftpfilecontrol-v1.3.patch

[2] http://bugs.gentoo.org/show_bug.cgi?id=305455
Comment 1 Damien Miller 2010-02-24 05:34:54 AEDT

*** This bug has been marked as a duplicate of bug 1229 ***
Comment 2 Damien Miller 2010-04-16 15:51:22 AEST
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1