Bug 187384 - Add umask configuration support to sftp-server
Add umask configuration support to sftp-server
Status: CLOSED UPSTREAM
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
http://sftplogging.sourceforge.net/
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-30 12:23 EST by Jonathan Abbey
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-04 11:15:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jonathan Abbey 2006-03-30 12:23:00 EST
Description of problem:

Red Hat's OpenSSH RPMs do not include the popular sftplogging patch from
http://sftplogging.sourceforge.net/, which makes it possible to use sftp-server
for site management in a reasonable fashion.

Version-Release number of selected component (if applicable):

All versions

I've made my own RPM set based on the RHEL4U3 OpenSSH RPM 3.9p1-8.RHEL4.12 src
rpm, incorporating this patch, but this functionality is desireable enough that
it would be nice for Red Hat to support it.

A number of vendors, including Gentoo and HP-UX, already incorporate this patch.

I can provide my modified .src.rpm, if desired.
Comment 1 Jonathan Abbey 2006-03-30 13:29:58 EST
I've just done some research on this patch in the OpenSSH archives, and the
OpenSSH team has resisted this patch due to implementation issues (the use of
environment variables to pass data between sshd and sftp-server, etc.).

I'm looking at crafting a new patch that has better security characteristics in
the interfacing between sshd and sftp-server.  I'll look at submitting it
upstream to the OpenSSH folks.  If it goes well, I'll spin an RPM for RHEL4 and
see about providing the src here.
Comment 2 Tomas Mraz 2006-04-04 11:15:47 EDT
We try to keep as close to upstream as possible so we don't add conflicting
command-line options or other incompatibilities with future upstream releases.
Please reopen this bug after the patch was accepted upstream.

Note You need to log in before you can comment on or make changes to this bug.