mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lyor Goldstein (Jira)" <j...@apache.org>
Subject [jira] [Commented] (SSHD-1093) Help on permissions on SCP and SFTP operations
Date Thu, 22 Oct 2020 15:34:00 GMT

    [ https://issues.apache.org/jira/browse/SSHD-1093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17219109#comment-17219109
] 

Lyor Goldstein commented on SSHD-1093:
--------------------------------------

I believe I provided some answers to this issue on the dev@mina.apache.org mailing list:
{quote}
>>  The use case is beforeany file operations I need to check whether the
user in session is having  permissions to carry on the operations,

This involves registering your own SftpFileSystemAccessor via:

      SftpSubsystemFactory factory =
           new SftpSubsystemFactory.Builder()
                .withFileSystemAccessor(new MySftpFileSystemAccessor())
                .with...
                .with...
                .build()
        sshd.shd.setSubsystemFactories(Collections.singletonList(factory));

       class MySftpFileSystemAccessor implements  SftpFileSystemAccessor {
              ...override whatever methods you need and check access
permissions...
        }

        If instead you want to override the actual raw  SFTP command then
you need to sub-class SftpSubsystem - which I cannot guarantee to
satisfy all your needs.

As far as SCP goes, you could register an ScpTransferEventListener and
examine each upload/download request and throw an exception if user does
not have the right permissions for the source/target.

If more fine-grained control is required, then I'm afraid you will have to
provide your own FileSystem implementation. If you do that you could use it
not only for  SCP but also for SFTP (you can see
our RootedFileSystemProvider as an example)

>> along with that we have a logic to check whether the command is valid or
not

I don't understand what "valid command" means - if it is valid SCP/SFTP
command the server will execute it, otherwise it will reject it.
{quote}

> Help on permissions on SCP and SFTP operations
> ----------------------------------------------
>
>                 Key: SSHD-1093
>                 URL: https://issues.apache.org/jira/browse/SSHD-1093
>             Project: MINA SSHD
>          Issue Type: Question
>            Reporter: Susmit Sarkar
>            Priority: Blocker
>              Labels: SCP, SFTP, mina
>
> We were doing a proof of concept and we are stuck. The use case is before any file operations
I need to check whether the user in session is having permissions to carry on the operations,
along with that we have a logic to check whether the command is valid or not for both SCP
and SFTP.
>   
>  The 2 pre-operations I am not able to perform and I am a bit confused, your guidance
and help will be highly appreciated.
>   
>  I am sharing the git location so it helps you guys see the code, it's a very small maven
project with FileSystem.
>   
>  We are not able to understand where should we implement the hook to achieve the above
use case
>   
>  Thank you again
>   
>  [https://github.com/Susmit07/sftp-poc]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org


Mime
View raw message