Restrict scp upload (no download, umask)

2010-03-03
2013-04-25
  • I would like to configure lshell that only an upload with scp is possible and afterwards no download is possible. I would also like to set own file permissions on the uploaded file (umask or forced permission).
    Is that possible?

     
  • Hello,

    lshell doesn't allow you to force the permission of a file upon upload. I will work on this for a future release.

    I will try to work on the implementing scp_upload and scp_download flags to allow or forbid respectively uploading or downloading files via SCP. Thank you for this idea! :)

    You can already configure this by adding 'scp -f' and 'scp -r -f' in the "forbidden" field of the configuration file.

    Hope this helps you out.

    Cheers,
    Ignace M

     
  • Thanks a lot for this suggestion. I will try it soon. I can't find in the manpage the -f option for scp. What's that for?

    An other way to solve to upload-only request is to set rx permission for the user on the upload directory.

    ls -ld upload
    d-wx---- 2 batch ssh-user 51 Mar  5 16:07 upload

    For the umask request I found no workaround so far.

     
  • Sorry cut&paste from a "ls" output don't work in this editor (message above).

     
  • sf.net interface messes up the output… I got it right by email ;)

    Thank you for this suggestion!

    Cheers,
    Ignace M

     
  • Sorry, I made a mistake in testing the permission "300" on the upload directory isn't working as I tought. I will try your suggestions with the scp options but I can't find a description for the "-f"  option.

    Do you mean such an entry:

    scp             : 1
    forbidden       :

     
  • This is exactly what I meant.

    These flags are not documented in the scp man page. I'm not sure why..

    Tell me if this works out well for you.

    Cheers,
    Ignace M

     
  • It does not work unfortunately. I can download (scp) previously upload files.

     
  • What version of lshell are you using?

     
  • lshell -version
    lshell-0.9.8 - Limited Shell

     
  • Sorry for the delay in my answer.

    It seems it is not possible to do this with the current versions of lshell.

    I will try work on this this week, and implement scp_onlyupload / scp_onlydownload.

    I'll keep you posted.

    Cheers,
    Ignace M

     
  • Retep Grubanov
    Retep Grubanov
    2010-03-31

    ghantoos, do you have news to this topic? .. Retep

     
  • Hi Retep,

    As I have been swamped for the past weeks (and the upcoming one..), I did not find the time to code on lshell.

    I will try working on this in a week or so.

    Sorry this.

    Cheers,
    Ignace M

     
  • Retep Grubanov
    Retep Grubanov
    2010-03-31

    No Problem, thanks for the update .. Retep

     
  • Hello Retep,

    A new version of lshell (0.9.12) was released adding this feature.

    Cheers,
    Ignace M

     
  • Retep Grubanov
    Retep Grubanov
    2010-06-11

    Hello Ignace,

    thanks for your work.  The feature "forbid scp download" is working fine. Can I also set a specific umask?

    Greetings .. Retep (holidays until 21.06 :-)

     
  • Hello Retep,

    I am glad the feature is working well. Thank you for your idea. :)

    I will be quite swamped this month. I will try to work on this as soon as possible.

    Cheers,
    Ignace M