pkg / sftp

SFTP support for the go.crypto/ssh package
BSD 2-Clause "Simplified" License

sftp server set custom root path #509

Closed juliojmjc closed 2 years ago

juliojmjc commented 2 years ago

Hello, is there some kind of function to give each client its own root folder access? Like: user1 -> /home/user1, usern -> /home/usern

puellanivis commented 2 years ago

It looks like we have not yet released a new version including this option but: https://github.com/pkg/sftp/pull/498 should do what you’re looking for.

shanehooker commented 2 years ago

> It looks like we have not yet released a new version including this option but: #498 should do what you’re looking for.

Is #498 merged to master? I am also wanting to provide a landing path for an sftp client. I was looking for a function that provided the ability to run 'sftp-server -d [myLandingPath]'

drakkan commented 2 years ago

Hi,

498 is included in v1.13.5

shanehooker commented 2 years ago

I am confused as to how to use sftp.NewRequestServer() with InMemHandler() and WithStartDirectory(). Is there an example?

I need to implement an sftp-server which will set the starting directory (aka landing path) to be an absolute path which is user configurable. The problem I'm seeing is that although an sftp client can connect and it appears that it changes to the /var/tmp directory, which is what I've configured in my program, the client cannot read, put, or see any files in that directory, but I know it does exist and is accessible.

```go
server := sftp.NewRequestServer(
	channel,
	sftp.InMemHandler(),
	sftp.WithStartDirectory("/var/tmp"))
```

```
Authenticated to 168.25.25.2 ([168.25.25.2]:2022).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype cd /var/tmp reply 1
Connected to 168.25.25.2.
sftp> pwd
Remote working directory: /var/tmp
sftp> ls
remote readdir("/var/tmp"): No such file or directory
sftp>
```

On Thu, Sep 22, 2022 at 12:17 PM Nicola Murino @.***> wrote:

Closed #509 https://github.com/pkg/sftp/issues/509 as completed.


puellanivis commented 2 years ago

Using the sftp.WithStartDirectory() does not guarantee that this path actually exists. Clients are expected to maintain their own state about what remote directory is the current working directory on the client side. If the server tells it that it is in /supercalifragilisticexpialidocious then the client will believe the server, even if that path does not exist. It will then make requests as if that were the current working directory, even if that path does not exist.

Again, the client thinking it is in the /foo/bar directory has no bearing on if that path actually exists. If the server says that’s the current working directory, the client has no choice but to assume it does. No checks are made prior to connection that the WithStartDirectory(path) exists within the request server.

In order to use this properly, you need to ensure that the /foo/bar directory passed into WithStartDirectory("/foo/bar") exists in the sftp.InMemHandler() before the client connects. The InMemoryHandler starts as an empty filesystem with only the root directory /. Since this is an in memory handler, chrooting it does not really make sense. No changes can be made to the underlying real filesystems, as it is entirely in memory, and lost at service restart.
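The pre-connection check discussed above, as an added example that is not code from this thread or from pkg/sftp: it maps a username to a landing path (user1 -> /home/user1) and refuses to return it unless that directory exists in the filesystem being served. It assumes the served filesystem can be viewed as an `io/fs.FS`; `startDirFor`, `homeBase`, `sampleFS` and `emptyFS` are hypothetical names and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

var (
	ErrBadUser    = errors.New("invalid username")
	ErrNoStartDir = errors.New("start directory missing from served filesystem")
)

// Constructed sample data: one filesystem holding a home directory and a
// stray regular file, and an empty one (only "/", like a fresh in-memory handler).
var (
	sampleFS = fstest.MapFS{
		"home/user1": {Mode: fs.ModeDir | 0o755},
		"home/user2": {Data: []byte("not a directory")},
	}
	emptyFS = fstest.MapFS{}
)

// startDirFor maps a username to its landing path and confirms the path is a
// directory in served before it is handed to sftp.WithStartDirectory.
// Hypothetical helper, not part of pkg/sftp.
func startDirFor(served fs.FS, homeBase, user string) (string, error) {
	// A username becomes a path element, so refuse separators and dot names.
	if user == "" || user == "." || user == ".." || strings.ContainsAny(user, "/\\\x00") {
		return "", fmt.Errorf("%w: %q", ErrBadUser, user)
	}
	dir := path.Join("/", homeBase, user)
	// io/fs names are unrooted, so "/home/user1" is looked up as "home/user1".
	info, err := fs.Stat(served, strings.TrimPrefix(dir, "/"))
	if err != nil || !info.IsDir() {
		return "", fmt.Errorf("%w: %s", ErrNoStartDir, dir)
	}
	return dir, nil
}

func main() {
	for _, u := range []string{"user1", "user2", "usern", "../etc"} {
		dir, err := startDirFor(sampleFS, "/home", u)
		fmt.Printf("%-8s -> %q err=%v\n", u, dir, err)
	}
}
```

A start directory only sets the base for relative paths; it does not restrict which absolute paths a client may request, so per-user confinement still has to be enforced by the handlers.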