https://bugs.kde.org/show_bug.cgi?id=471972

            Bug ID: 471972
           Summary: chmod after file upload breaks sftp-server's
                    Fedora-specific file permission enforcement
    Classification: Frameworks and Libraries
           Product: kio-extras
           Version: 22.12.3
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: SFTP
          Assignee: plasma-b...@kde.org
          Reporter: regime_unsold...@simplelogin.com
  Target Milestone: ---

SUMMARY

kio sftp does an additional chmod on uploaded files, which overrides
server-side enforced permissions. The issue does not occur with the standard
sftp command-line client.


STEPS TO REPRODUCE
I have a server running RHEL 9 where sftp-server enforces file permissions with
the -m switch, using the following configuration in /etc/openssh/sshd_config:

`Subsystem sftp /usr/libexec/openssh/sftp-server -m 0660 -u 0006`

This is a Fedora/RHEL-specific feature, as can be seen
[here](https://src.fedoraproject.org/rpms/openssh/blob/f34/f/openssh-6.7p1-sftp-force-permission.patch).

To reproduce, upload a file with permission bits 600 via Dolphin.


OBSERVED RESULT
If I upload a file with permission bits 600 with Dolphin, it ends up with 600.

sftp-server debug log:
```
Jul 05 12:18:02 rlvm sftp-server[13792]: open "/srv/test/upload.txt.part" flags WRITE,CREATE,TRUNCATE mode 0660
Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 10: sent handle handle 0
Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 11: write "/srv/test/upload.txt.part" (handle 0) off 0 len 2
Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success
Jul 05 12:18:02 rlvm sftp-server[13792]: close "/srv/test/upload.txt.part" bytes read 0 written 2
Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success
Jul 05 12:18:02 rlvm sftp-server[13792]: rename old "/srv/test/upload.txt.part" new "/srv/test/upload.txt"
Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success
Jul 05 12:18:02 rlvm sftp-server[13792]: debug1: request 14: setstat name "/srv/test/upload.txt"
Jul 05 12:18:02 rlvm sftp-server[13792]: set "/srv/test/upload.txt" mode 0600
Jul 05 12:18:02 rlvm sftp-server[13792]: sent status Success
```

EXPECTED RESULT
If I upload a file with permission bits 600 by using the sftp command, it ends
up with 660 on the server, as expected.

sftp-server debug log:
```
Jul 05 12:48:50 rlvm sftp-server[14962]: sent status Success
Jul 05 12:48:56 rlvm sftp-server[14962]: open "/srv/test/upload.txt" flags WRITE,CREATE,TRUNCATE mode 0660
Jul 05 12:48:56 rlvm sftp-server[14962]: debug1: request 13: sent handle handle 0
Jul 05 12:48:56 rlvm sftp-server[14962]: debug1: request 15: write "/srv/test/upload.txt" (handle 0) off 0 len 2
Jul 05 12:48:56 rlvm sftp-server[14962]: sent status Success
Jul 05 12:48:56 rlvm sftp-server[14962]: close "/srv/test/upload.txt" bytes read 0 written 2
Jul 05 12:48:56 rlvm sftp-server[14962]: sent status Success
```


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora 37
KDE Plasma Version:  5.27.4
KDE Frameworks Version: 5.105.0
Qt Version: 5.15.9


ADDITIONAL INFORMATION

As you can see, the culprit is the additional mode change. I assume this line
of code causes this:
https://github.com/KDE/kio-extras/blob/master/sftp/kio_sftp.cpp#L1545

Why is this explicit chmod being done here? Would it be possible to remove
this? Thank you!

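The following is an added example, not part of the original report and not code from kio-extras or OpenSSH: a log check that follows each uploaded file through the `.part` rename and flags a later `set ... mode` that changes the mode logged at `open`. The function name `find_mode_overrides` and the per-PID tracking are assumptions of this example; the sample lines are the ones quoted in the report, with the e-mail line wraps rejoined.

```python
import re

# Message formats as they appear in the sftp-server logs quoted in the report.
LINE = re.compile(r'sftp-server\[(?P<pid>\d+)\]: (?P<msg>.*)$')
OPEN = re.compile(r'^open "(?P<path>[^"]+)" flags (?P<flags>\S+) mode (?P<mode>[0-7]+)$')
RENAME = re.compile(r'^rename old "(?P<old>[^"]+)" new "(?P<new>[^"]+)"$')
SET = re.compile(r'^set "(?P<path>[^"]+)" mode (?P<mode>[0-7]+)$')

# Lines from the two logs in the report, with the e-mail line wraps rejoined.
DOLPHIN_LOG = '''\
Jul 05 12:18:02 rlvm sftp-server[13792]: open "/srv/test/upload.txt.part" flags WRITE,CREATE,TRUNCATE mode 0660
Jul 05 12:18:02 rlvm sftp-server[13792]: close "/srv/test/upload.txt.part" bytes read 0 written 2
Jul 05 12:18:02 rlvm sftp-server[13792]: rename old "/srv/test/upload.txt.part" new "/srv/test/upload.txt"
Jul 05 12:18:02 rlvm sftp-server[13792]: set "/srv/test/upload.txt" mode 0600
'''.splitlines()
SFTP_CLI_LOG = '''\
Jul 05 12:48:56 rlvm sftp-server[14962]: open "/srv/test/upload.txt" flags WRITE,CREATE,TRUNCATE mode 0660
Jul 05 12:48:56 rlvm sftp-server[14962]: close "/srv/test/upload.txt" bytes read 0 written 2
'''.splitlines()


def find_mode_overrides(lines):
    """Return (pid, path, created_mode, new_mode) for every chmod that changes
    the mode a file was created with in the same sftp-server process."""
    created = {}   # (pid, path) -> mode logged when the file was created
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (o := OPEN.match(msg)) and "CREATE" in o["flags"].split(","):
            created[(pid, o["path"])] = int(o["mode"], 8)
        elif r := RENAME.match(msg):
            # Follow the .part -> final rename so the later setstat still matches.
            mode = created.pop((pid, r["old"]), None)
            if mode is not None:
                created[(pid, r["new"])] = mode
        elif s := SET.match(msg):
            before, after = created.get((pid, s["path"])), int(s["mode"], 8)
            if before is not None and after != before:
                findings.append((pid, s["path"], before, after))
                created[(pid, s["path"])] = after
    return findings


if __name__ == "__main__":
    for pid, path, before, after in find_mode_overrides(DOLPHIN_LOG):
        print(f"pid {pid}: {path} created {before:04o}, then set to {after:04o}")
```
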