Feature #15203

open

Option to allow customized user home directory permissions to be preserved

Added by Ronald Antony 4 months ago. Updated 3 months ago.

Status: New
Priority: Low
Assignee: -
Category: User Manager / Privileges
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

It is well intentioned and improves system security in general, that proper home directory ownerships are maintained.
Thus, the resetting of directory ownerships upon reboot is a fundamentally good idea, HOWEVER...

...if a user is created with privilege User - System: Copy files to home directory (chrooted scp) then for /usr/local/bin/scponly to work properly the chrooted home directory of such a user MUST be owned by root, and NOT the user!

The result is, that with each reboot, the ability to sftp/scp with that user's credential stops working.

As a workaround, one can of course create a crontab entry that executes @reboot and executes the following command:
/bin/sleep 300 && /bin/test -d /home/acme && /bin/test ! -O /home/acme && /usr/sbin/chown root /home/acme
but that's really not how it should work, having to work against the system...

The full background of this and related issues can be found here:

https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
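
A more defensive form of the workaround above, as an added example that is not part of the original report or of pfSense: it restores root ownership only when the path is a real directory (not a symlink) whose owner is no longer root. The function names are hypothetical; /home/acme is the directory used in the report.

```shell
#!/bin/sh
# Added example, not pfSense code. Usage: sh check_chroot_home.sh /home/acme
# (/home/acme is the directory from the report's workaround.)

# Numeric owner uid of a path; ls -d does not follow a symlink here.
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# chroot_home_state DIR [WANT_UID]  (WANT_UID defaults to 0, i.e. root)
# Prints ok | missing | symlink | wrong-owner:<uid>; returns 0 only for ok.
chroot_home_state() {
    dir=$1
    want=${2:-0}
    if [ -L "$dir" ]; then echo "symlink"; return 1; fi
    if [ ! -d "$dir" ]; then echo "missing"; return 1; fi
    uid=$(owner_uid "$dir")
    if [ "$uid" = "$want" ]; then echo "ok"; return 0; fi
    echo "wrong-owner:$uid"
    return 1
}

# Restore root ownership only for a real directory whose owner was reset.
# Anything unexpected is reported and left alone.
fix_chroot_home() {
    state=$(chroot_home_state "$1" 0) || true
    case $state in
        ok) return 0 ;;
        wrong-owner:*)
            echo "$1: $state, restoring root ownership" >&2
            chown -h root -- "$1" ;;
        *)
            echo "$1: $state, not touching it" >&2
            return 1 ;;
    esac
}

# Only act when directories are given on the command line.
for d in "$@"; do
    fix_chroot_home "$d" || echo "$d: needs attention" >&2
done
```

Run as root from the same @reboot crontab entry; the stderr lines give a record of each reboot on which the ownership had been reset.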
