Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
while being connected via sftp - the usage of symlink will always
create a link with a absolute path. this leads to invalid links
when using chrooted sftp connections.
Version-Release number of selected component (if applicable):
rpm -q openssh
openssh-5.3p1-94.el6.x86_64
How reproducible:
create chroot config like
tail -16 /etc/ssh/sshd_config
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Subsystem sftp internal-sftp
Match Group myexamplegroup
ForceCommand internal-sftp
AllowTcpForwarding no
ChrootDirectory /myexampleroot/service/
X11Forwarding no
---
login via sftp (with an user in group myexamplegroup)
and do something like this in a subdirectory:
symlink ../example/ test
the result is only valid while being in the sftp session.
outside the chroot the link points to
test -> /myexampleroot/service/subdir/../example/
which is not valid
Expected results:
relative links
Works for me with sftp client from RHEL-6
sftp> symlink ../bin bin-link
debug3: Wrote 80 bytes for a total of 2797
debug3: Sent message SSH2_FXP_SYMLINK "../bin" -> "/a/bin-link"
debug3: SSH2_FXP_STATUS 0
But I can reproduce this issue using RHEL-7's sftp:
sftp> symlink ../bin bin-link
debug3: Sent message SSH2_FXP_SYMLINK "/a/../bin" -> "/a/bin-link"
debug3: SSH2_FXP_STATUS 0
RHEL-7 bug - #1084079
indeed it seems to be on client side. i was
connecting from an osx client to a EL6 server.
this sftp clients works:
========================
el5$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
el6$ ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
this sftp client does NOT works:
=================================
osx$ ssh -V
OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
server side for both el5 and el6
Despite that it works in the rhel ecosystem.
we have customers that login from
# ssh -v 2>&1 |head -1
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
# cat /etc/debian_version
7.8
I have openssh 6.7p1_0 tested under OSX via macports tested
but can not create a valid symlink.
Is this fixed in the upstream project? So that newer releases/sftp clients
from other distributions can be used to create valid symlinks?
I do not expect this to be a valid behaviour. So, what path should one go
to fix this?