[LAU] OT: seeking help with uploading files via sftp and preventing their subsequent deletion
len at ovenwerks.net
Fri Oct 10 21:08:25 UTC 2014
On Fri, 10 Oct 2014, Ivica Ico Bukvic wrote:
> So, everything works, except no matter what permissions assign via umask,
> even if I change ownership manually via a different ssh user session, sftp
> client can still erase the file. How is this possible? And more importantly,
> how can one circumvent that? And perhaps most importantly is there an easier
> way to do this?
> Below are permissions of folders in question:
> drwxr-xr-x 3 root USER 4096 Oct 10 15:21 .
> drwxr-xr-x 36 root root 4096 Oct 7 12:16 ..
> drwxr-xr-x 2 USER sftponly 4096 Oct 10 19:39 submissions
> Any idea how this can be fixed?
I don't know how easy it would be to do, but on uploading, create a hard
link to a file in a directory on the same drive where the user does not
have access. The hard link can have a different owner/permitions. Once the
upload is complete, unlink the original uploaded file. This is effectively
a mv, but with owner/permitions changed. The file doesn't have to be fully
uploaded before the link is created so long as the filename is already in
the directory.... but watch for an sftp client that uploads under an
upload name, but creates a zero length file with the final uploaded name
to save the file name on the disk and then mv the uploaded file to that
name. You may have to look for both names. (they are normally similar) You
could write a simple service that just watches the upload directory for
new files and fixes them that way.
More information about the Linux-audio-user