Feature #15203
Option to allow customized user home directory permissions to be preserved
Status: open
0%
Description
It is well intentioned and improves system security in general, that proper home directory ownerships are maintained.
Thus, the resetting of directory ownerships upon reboot is a fundamentally good idea, HOWEVER...
...if a user is created with the privilege "User - System: Copy files to home directory (chrooted scp)", then for /usr/local/bin/scponly to work properly the chrooted home directory of such a user MUST be owned by root, and NOT the user!
The result is that, with each reboot, the ability to sftp/scp with that user's credential stops working.
As a workaround, one can of course create a crontab entry that executes @reboot and executes the following command:

/bin/sleep 300 && /bin/test -d /home/acme && /bin/test ! -O /home/acme && /usr/sbin/chown root /home/acme

but that's really not how it should work, having to work against the system...
The full background of this and related issues can be found here: