Commit | Line | Data |
---|---|---|
17d728c8 SS |
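diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
--- openssh-6.8p1/sftp-server.8.sftp-force-mode 2015-03-17 06:49:20.000000000 +0100
+++ openssh-6.8p1/sftp-server.8 2015-03-18 13:18:05.898306477 +0100
@@ -38,6 +38,7 @@
 .Op Fl P Ar blacklisted_requests
 .Op Fl p Ar whitelisted_requests
 .Op Fl u Ar umask
+.Op Fl m Ar force_file_perms
 .Ek
 .Nm
 .Fl Q Ar protocol_feature
@@ -138,6 +139,10 @@ Sets an explicit
 .Xr umask 2
 to be applied to newly-created files and directories, instead of the
 user's default mask.
+.It Fl m Ar force_file_perms
+Sets explicit file permissions to be applied to newly-created files instead
+of the default or client requested mode. Numeric values include:
+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
 .El
 .Pp
 On some systems,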
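diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
--- openssh-6.8p1/sftp-server.c.sftp-force-mode 2015-03-18 13:18:05.883306513 +0100
+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:18:36.697232193 +0100
@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
 /* Version of client */
 static u_int version;
 
+/* Force file permissions */
+int permforce = 0;
+long permforcemode;
+
 /* SSH2_FXP_INIT received */
 static int init_done;
 
@@ -693,6 +697,10 @@ process_open(u_int32_t id)
 debug3("request %u: open flags %d", id, pflags);
 flags = flags_from_portable(pflags);
 mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
+ if (permforce == 1) { /* Force perm if -m is set */
+ mode = permforcemode;
+ (void)umask(0); /* so umask does not interfere */
+ }
 logit("open \"%s\" flags %s mode 0%o",
 name, string_from_portable(pflags), mode);
 if (readonly &&
@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
 fprintf(stderr,
 "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
 "[-l log_level]\n\t[-P blacklisted_requests] "
- "[-p whitelisted_requests] [-u umask]\n"
+ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
 " %s -Q protocol_feature\n",
 __progname, __progname);
 exit(1);
@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
 pw = pwcopy(user_pw);
 
 while (!skipargs && (ch = getopt(argc, argv,
- "d:f:l:P:p:Q:u:cehR")) != -1) {
+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
 switch (ch) {
 case 'Q':
 if (strcasecmp(optarg, "requests") != 0) {
@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
 fatal("Invalid umask \"%s\"", optarg);
 (void)umask((mode_t)mask);
 break;
+ case 'm':
+ /* Force permissions on file received via sftp */
+ permforce = 1;
+ permforcemode = strtol(optarg, &cp, 8);
+ if (permforcemode < 0 || permforcemode > 0777 ||
+ *cp != '\0' || (permforcemode == 0 &&
+ errno != 0))
+ fatal("Invalid file mode \"%s\"", optarg);
+ break;
 case 'h':
 default:
 sftp_server_usage();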
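Review bot: In the process_open hunk, `(void)umask(0)` changes the mask for the whole process and never restores it, so after the first forced open the `-u` mask (or the inherited one) is also gone for everything else the server creates later, which may include directories; the mkdir path is not visible here, so that should be confirmed. I would save and restore the mask around the open() call that follows outside the hunk, with `mode_t omask = umask(0);` before it and `(void)umask(omask);` after it. In the `case 'm'` hunk, `errno` is tested without being cleared first and an empty argument parses as mode 0, so add `errno = 0;` before `strtol` and also reject `cp == optarg`. The forced mode is applied only at open time; whether a later client setstat/fsetstat request can still change it cannot be seen from these hunks, and the man page text should say which is the case. The new globals `permforce` and `permforcemode` could be `static`, like `version` and `init_done` beside them.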