[LAU] OT: seeking help with uploading files via sftp and preventing their subsequent deletion

[Len Ovens]

On Fri, 10 Oct 2014, Ivica Ico Bukvic wrote:

> On 10/10/2014 05:08 PM, Len Ovens wrote:
>> On Fri, 10 Oct 2014, Ivica Ico Bukvic wrote:
>> 
>>> So, everything works, except no matter what permissions assign via umask, 
>>> even if I change ownership manually via a different ssh user session, sftp 
>>> client can still erase the file. How is this possible? And more 
>>> importantly, how can one circumvent that? And perhaps most importantly is 
>>> there an easier way to do this?
>>> 
>>> Below are permissions of folders in question:
>>> 
>>> drwxr-xr-x 3 root USER 4096 Oct 10 15:21 .
>>> drwxr-xr-x 36 root root 4096 Oct 7 12:16 ..
>>> drwxr-xr-x 2 USER sftponly 4096 Oct 10 19:39 submissions
>>> 
>>> Any idea how this can be fixed?
>> 
>> I don't know how easy it would be to do, but on uploading, create a hard 
>> link to a file in a directory on the same drive where the user does not 
>> have access. The hard link can have a different owner/permitions. Once the 
>> upload is complete, unlink the original uploaded file. This is effectively 
>> a mv, but with owner/permitions changed. The file doesn't have to be fully 
>> uploaded before the link is created so long as the filename is already in 
>> the directory.... but watch for an sftp client that uploads under an upload 
>> name, but creates a zero length file with the final uploaded name to save 
>> the file name on the disk and then mv the uploaded file to that name. You 
>> may have to look for both names. (they are normally similar) You could 
>> write a simple service that just watches the upload directory for new files 
>> and fixes them that way.
>
> Thanks for the advice. This, however, needs to be as automated as possible, 
> meaning we give access to submitter and they do it all themselves.

It is automated. A script (bash, perl, python, whatever) is created in the 
form:

----------------------8<---------------
$time = time

while 1 {

if (directory modified since $time)
 	look for files created since time.
 	check if upload is complete
 	create hard link to another directory
 	set perm
 	unlink uploaded file
 	$time = time
wait a second (save cpu cycles)
}
-------------------8<------------------

Run this from /etc/init.d

It may be simpler to watch a log file looking for sftp files that have 
been uploaded to that directory by running /log/logfile through tail -f 
and parsing.


It should run as a different user than any login name (no password) and 
the directory/files should be read only by anyone else.

Just a thought, does changing the owner of the file as well as perm have 
any effect? Generally the owner of a readonly file can still delete it. rm 
asks first, sftp may not. The owner can change the write bit for their own 
file and sftp may try to do so and delete if successful.


--
Len Ovens
www.ovenwerks.net