Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Bugs

[Bug 1979] New: Enhancement patch: Restrict sftp-server to basic commands, by user or group

 

 

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at bugzilla

Feb 12, 2012, 11:39 AM

Post #1 of 1 (93 views)
Permalink
[Bug 1979] New: Enhancement patch: Restrict sftp-server to basic commands, by user or group

https://bugzilla.mindrot.org/show_bug.cgi?id=1979

Bug #: 1979
Summary: Enhancement patch: Restrict sftp-server to basic
commands, by user or group
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs [at] mindrot
ReportedBy: jdmossh [at] nand


Created attachment 2128
--> https://bugzilla.mindrot.org/attachment.cgi?id=2128
Patch versus 5.9p1

This patch adds the ability to restrict an sftp-server user to just
basic commands such as get, put, readdir, and readlink, and prohibit
mkdir, rmdir, rename, symlink, setstat and their equivalents.

It comes with an sshd_config option (RestrictSFtpSysToBasics) which can
be global or in a Match block.

I've found it helpful, and that request occasionally comes up on the
openssh-unix-dev list.

Please give feedback and consider it for inclusion. Patches are
attached against both 5.9p1 and openbsd's 5.9.

A more advanced enhancement might let the server admin specify which
commands to permit/deny; I think this is a good start.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.