bugzilla-daemon at bugzilla
Feb 12, 2012, 11:39 AM
[Bug 1979] New: Enhancement patch: Restrict sftp-server to basic commands, by user or group
Bug #: 1979
Summary: Enhancement patch: Restrict sftp-server to basic commands, by user or group
Product: Portable OpenSSH
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: jdmossh [at] nand
Created attachment 2128
Patch versus 5.9p1
This patch adds the ability to restrict an sftp-server user to just
basic commands such as get, put, readdir, and readlink, and prohibit
mkdir, rmdir, rename, symlink, setstat and their equivalents.
It comes with an sshd_config option (RestrictSFtpSysToBasics) which can
be global or in a Match block.
I've found it helpful, and that request occasionally comes up on the
Please give feedback and consider it for inclusion. Patches are
attached against both 5.9p1 and OpenBSD's 5.9.
A more advanced enhancement might let the server admin specify which
commands to permit/deny; I think this is a good start.
openssh-bugs mailing list
openssh-bugs [at] mindrot
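
An added sketch, not code from the attached patch or from OpenSSH, of the gate such a restriction implies: the request type is checked before dispatch and the denied operations get SSH_FX_PERMISSION_DENIED. The function name `basic_only_check`, the handling of `SSH_FXP_EXTENDED` by extension name, and leaving `SSH_FXP_REMOVE` allowed are assumptions; the post does not say how the patch treats them.

```c
#include <stdio.h>
#include <string.h>

/* Request and status codes from the SFTP protocol draft (version 3). */
enum {
    SSH_FXP_OPEN = 3, SSH_FXP_READ = 5, SSH_FXP_WRITE = 6,
    SSH_FXP_SETSTAT = 9, SSH_FXP_FSETSTAT = 10,
    SSH_FXP_OPENDIR = 11, SSH_FXP_READDIR = 12,
    SSH_FXP_MKDIR = 14, SSH_FXP_RMDIR = 15,
    SSH_FXP_RENAME = 18, SSH_FXP_READLINK = 19, SSH_FXP_SYMLINK = 20,
    SSH_FXP_EXTENDED = 200
};
enum { SSH_FX_OK = 0, SSH_FX_PERMISSION_DENIED = 3 };

/* Hypothetical helper: status to answer with before dispatching a request.
 * "restricted" stands for the per-user or per-group setting in the post. */
int basic_only_check(int restricted, unsigned type, const char *ext_name)
{
    /* Extensions that act like rename or link creation (assumed denied). */
    static const char *denied_ext[] = {
        "posix-rename@openssh.com", "hardlink@openssh.com"
    };
    size_t i;

    if (!restricted)
        return SSH_FX_OK;
    switch (type) {
    case SSH_FXP_SETSTAT: case SSH_FXP_FSETSTAT:
    case SSH_FXP_MKDIR:   case SSH_FXP_RMDIR:
    case SSH_FXP_RENAME:  case SSH_FXP_SYMLINK:
        return SSH_FX_PERMISSION_DENIED;
    case SSH_FXP_EXTENDED:
        if (ext_name == NULL)          /* malformed: fail closed */
            return SSH_FX_PERMISSION_DENIED;
        for (i = 0; i < sizeof(denied_ext) / sizeof(denied_ext[0]); i++)
            if (strcmp(ext_name, denied_ext[i]) == 0)
                return SSH_FX_PERMISSION_DENIED;
        return SSH_FX_OK;              /* e.g. statvfs@openssh.com */
    default:
        /* get/put/readdir/readlink paths; SSH_FXP_REMOVE (13) is not
         * named in the post and is left allowed in this sketch. */
        return SSH_FX_OK;
    }
}

int main(void)
{
    printf("mkdir while restricted -> %d\n", basic_only_check(1, SSH_FXP_MKDIR, NULL));
    printf("read while restricted  -> %d\n", basic_only_check(1, SSH_FXP_READ, NULL));
    return 0;
}
```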