Request addition of Fedora / Redhat "sftp-force-permissions" patch
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| portable OpenSSH |
Unknown
|
Unknown
|
|||
| openssh (Debian) |
Confirmed
|
Unknown
|
|||
| openssh (Ubuntu) |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
Fedora / Redhat ships openssh with a patch which adds "-m force permission" flag to sftp-server.
This is quite a common feature request / support request on the various stackexchange sites - https:/
You will see that someone has answered "add -m" there which is indeed the simplest answer by a distance but unfortunately it's a non standard patch:
https:/
This I think should supersede #563216 because they have been shipping this in production presumably since at least 2015 (I see it in fedora 22 branch), so it is a known stable patch compared to the one suggested there.
| Paride Legovini (paride) wrote | #1 |
| Changed in openssh (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| Changed in openssh (Debian): | |
| status: | Unknown → Confirmed |
Hi Mark and thanks for this bug report. I can see how the flag introduced by the "sftp-force-
My suggestion here is to:
- Poke upstream about this. Note that they may have a good rationale for *not* including the patch, given that it's small and they didn't already do so.
- File a bug in Debian. The Ubuntu openssh package is almost a sync from Debian, which is another good reason to avoid including an additional delta to it, with all its long-term implications (old memories here: [1]). If Debian includes the patch then Ubuntu will pick it up with the following package syncs or merges.
I'm going to triage this as a Wishlist bug for now. This is not a final word, but I doubt the importance of this bug is likely to be bumped without a compelling use case that would be enabled by adding the patch.
[1] https:/