ensure sshd init/edit results in optimal file permissions #2501
During sshd sftp initialisation use os.open rather than the
built-in open to enable setting permissions on edited/created
sshd sftp files.
phillxnet committed May 24, 2023
1 parent f83d861 commit 974398f
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/rockstor/system/ssh.py
Expand Up @@ -21,6 +21,7 @@
import re
import platform
import shutil
import stat
from shutil import move, copy
from tempfile import mkstemp

Expand Down Expand Up @@ -88,7 +89,10 @@ def init_sftp_config(sshd_config=None):
logger.info("SSHD - Creating new configuration file ({}).".format(sshd_config))
# Set AllowUsers and Subsystem sftp-internal if not already in-place.
# N.B. opening mode "a+" creates this file if it doesn't exist - rw either way.
with open(sshd_config, "a+") as sfo:
# Post Python 3, consider build-in open with custom opener.
with os.fdopen(
os.open(sshd_config, os.O_RDWR | os.O_CREAT, stat.S_IRUSR | stat.S_IWUSR), "a+"
) as sfo:
found = False
for line in sfo.readlines():
if (
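Review bot: The mode passed to `os.open` in `init_sftp_config` only takes effect when `O_CREAT` actually creates the file, and is then further masked by the process umask, so an existing sshd config with wider permissions keeps them on the edit path that the commit title also targets. To cover both the created and the edited case, set the mode on the open descriptor as the first statement inside the `with` block, for example `os.fchmod(sfo.fileno(), stat.S_IRUSR | stat.S_IWUSR)`. It is also worth confirming that `os.fdopen(..., "a+")` still appends on the target interpreter, since the descriptor is opened without `os.O_APPEND`; adding that flag to the `os.open` call would make the intent explicit. The function body continues past the end of the hunk, so the later writes are not visible here.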
