Bug 187384

Summary: Add umask configuration support to sftp-server
Product: Red Hat Enterprise Linux 4
Reporter: Jonathan Abbey <jonabbey>
Component: openssh
Assignee: Tomas Mraz <tmraz>
Status: CLOSED UPSTREAM
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 4.0
Keywords: FutureFeature
Hardware: All   
OS: Linux   
URL: http://sftplogging.sourceforge.net/
Doc Type: Enhancement
Last Closed: 2006-04-04 15:15:47 UTC

Description Jonathan Abbey 2006-03-30 17:23:00 UTC
Description of problem:

Red Hat's OpenSSH RPMs do not include the popular sftplogging patch from
http://sftplogging.sourceforge.net/, which makes it possible to use sftp-server
for site management in a reasonable fashion.

Version-Release number of selected component (if applicable):

All versions

I've made my own RPM set based on the RHEL4U3 OpenSSH RPM 3.9p1-8.RHEL4.12 src
rpm, incorporating this patch, but this functionality is desirable enough that
it would be nice for Red Hat to support it.

A number of vendors, including Gentoo and HP-UX, already incorporate this patch.

I can provide my modified .src.rpm, if desired.

Comment 1 Jonathan Abbey 2006-03-30 18:29:58 UTC
I've just done some research on this patch in the OpenSSH archives, and the
OpenSSH team has resisted this patch due to implementation issues (the use of
environment variables to pass data between sshd and sftp-server, etc.).

I'm looking at crafting a new patch that has better security characteristics in
the interfacing between sshd and sftp-server.  I'll look at submitting it
upstream to the OpenSSH folks.  If it goes well, I'll spin an RPM for RHEL4 and
see about providing the src here.

Comment 2 Tomas Mraz 2006-04-04 15:15:47 UTC
We try to keep as close to upstream as possible so we don't add conflicting
command-line options or other incompatibilities with future upstream releases.
Please reopen this bug after the patch has been accepted upstream.