mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lyor Goldstein <lgoldst...@apache.org>
Subject Re: Help on permissions on SCP and SFTP operations
Date Sat, 17 Oct 2020 06:10:12 GMT
>>  The use case is beforeany file operations I need to check whether the
user in session is having  permissions to carry on the operations,

This involves registering your own SftpFileSystemAccessor via:

      SftpSubsystemFactory factory =
           new SftpSubsystemFactory.Builder()
                .withFileSystemAccessor(new MySftpFileSystemAccessor())
                .with...
                .with...
                .build()
        sshd.shd.setSubsystemFactories(Collections.singletonList(factory));

       class MySftpFileSystemAccessor implements  SftpFileSystemAccessor {
              ...override whatever methods you need and check access
permissions...
        }

        If instead you want to override the actual raw  SFTP command then
you need to sub-class SftpSubsystem - which I cannot guarantee to
satisfy all your needs.

As far as SCP goes, you could register an ScpTransferEventListener and
examine each upload/download request and throw an exception if user does
not have the right permissions for the source/target.

If more fine-grained control is required, then I'm afraid you will have to
provide your own FileSystem implementation. If you do that you could use it
not only for  SCP but also for SFTP (you can see
our RootedFileSystemProvider as an example)

>> along with that we have a logic to check whether the command is valid or
not

I don't understand what "valid command" means - if it is valid SCP/SFTP
command the server will execute it, otherwise it will reject it.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message