1

I'd like to prevent users from deleting files they have uploaded to my sftp server. I know I could set up a solution of my own using inotify/dnotify (or pam hook) and lsof which triggers a script to do something such as chattr +i $filename after a file is uploaded and closed. But I wonder if there is something already available as a feature or a solution already vetted and available of which I'm not aware.

The current setup is that I'm using openssh sftp and users are jailed upon connecting.

Kenster
  • 2,152
  • 16
  • 16
RaWkStAr
  • 33
  • 8

2 Answers2

1

If you add your sftp-server umask option -u with parameter 0222, new uploaded files will be created with above mentioned umask, which means they will not have write access for their files, so they will not be able to delete the files.

The line in your sshd_config will look something like this:

Subsystem sftp internal-sftp -u 0222
Jakuje
  • 9,715
  • 2
  • 42
  • 45
  • Very nice. I didn't see this in the man page for sshd_config because it's in the man page for sftp-server / internal-sftp. Because I'm using a `Match Group ...` block for users of a certain group to make sure they're jailed, I think It will look like this, no? `Match Group chrooted` ...other lines ... `ForceCommand internal-sftp -u 0222` – RaWkStAr Aug 18 '15 at 22:11
  • using `ForceCommand internal-sftp -u 0222` in the match block indeed created the file as `-r--r--r--` but I was able to delete the file. I was also able to chmod the file to other perms. – RaWkStAr Aug 18 '15 at 22:34
  • 1
    Hmm. Chmod should be possible to disable using `-P` option to sftp-server. But if user is able to delete the file, then there is something wrong ... – Jakuje Aug 19 '15 at 06:37
  • if a user has mode 0444 on a file, deletion is still possible. – RaWkStAr Aug 19 '15 at 14:10
  • The mode of the file is not relevant to the deletion of the file. The deletion is authorized or not accordig to the write bit on the containing directory. A shell will probably give a warning or ask for confirmation when deleting a read-only file, but it is just a warning. – Law29 Oct 18 '21 at 21:04
1

Look at lsyncd(http://code.google.com/p/lsyncd/). It will provide inotify=>action part for your solution. It will look like this:

cat /etc/lsyncd.conf 
settings {
    logfile    = "/var/log/lsyncd.log",
    statusFile = "/var/run/lsyncd.status",
    nodaemon   = false,
    insist     = true,
}

-- config action
my_config = {
    delay = 10,
    maxProcesses = 1,
    onCreate  = "chattr +i -R /path/to/dir/*",
}

sync { my_config,
    source="/path/to/dir/",
}
-- EOF

you can change onCreate action for better logic, maybe run a script which will find uploaded files and set chattr +i.

Navern
  • 1,619
  • 1
  • 10
  • 14
  • you saw that I'm using openssh sftp, correct? It's not an option for me to switch to vsftpd at this time. – RaWkStAr Aug 18 '15 at 21:52
  • Em...actually it's doesn't matter what daemon you use – Navern Aug 18 '15 at 21:54
  • I've removed word vsftpd for more clarity – Navern Aug 18 '15 at 21:56
  • Your example worked, and I was able to install it as an official debian package. It's also available from the epel repository. I did have to make some changes though. /etc/lsyncd.conf didn't work. When I opened the systemd unit startup script for lsyncd I saw that it expected its config file to be at `/etc/lsyncd/lsyncd.conf.lua` ...After tweaking that, things worked well! – RaWkStAr Aug 18 '15 at 22:53
  • Working example with lsyncd: sftp> put foo Uploading foo to /upload/foo foo sftp> rm foo Removing /upload/foo Couldn't delete file: Permission denied – RaWkStAr Aug 18 '15 at 23:06
  • 1
    Glad that my solution helped you:) – Navern Aug 19 '15 at 13:53