beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-22 07:30:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow to set umask on *NIX platforms

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-08-08 18:30:42 +02:00
parent f5f56129df
commit 5011002d84
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
5 changed files with 75 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/full-configuration.md
View file

@ -86,6 +86,7 @@ The configuration file contains the following sections:
- `max_per_host_connections`, integer. Maximum number of concurrent client connections from the same host (IP). If the defender is enabled, exceeding this limit will generate `score_limit_exceeded` events and thus hosts that repeatedly exceed the max allowed connections can be automatically blocked. 0 means unlimited. Default: `20`. - `max_per_host_connections`, integer. Maximum number of concurrent client connections from the same host (IP). If the defender is enabled, exceeding this limit will generate `score_limit_exceeded` events and thus hosts that repeatedly exceed the max allowed connections can be automatically blocked. 0 means unlimited. Default: `20`.
- `allowlist_status`, integer. Set to `1` to enable the allow list. The allow list can be populated using the WebAdmin or the REST API. If enabled, only the listed IPs/networks can access the configured services, all other client connections will be dropped before they even try to authenticate. Ensure to populate your allow list before enabling this setting. In multi-nodes setups, the list entries propagation between nodes may take some minutes. Default: `0`. - `allowlist_status`, integer. Set to `1` to enable the allow list. The allow list can be populated using the WebAdmin or the REST API. If enabled, only the listed IPs/networks can access the configured services, all other client connections will be dropped before they even try to authenticate. Ensure to populate your allow list before enabling this setting. In multi-nodes setups, the list entries propagation between nodes may take some minutes. Default: `0`.
- `allow_self_connections`, integer. Allow users on this instance to use other users/virtual folders on this instance as storage backend. Enable this setting if you know what you are doing. Set to `1` to enable. Default: `0`. - `allow_self_connections`, integer. Allow users on this instance to use other users/virtual folders on this instance as storage backend. Enable this setting if you know what you are doing. Set to `1` to enable. Default: `0`.
- `umask`, string. Set the file mode creation mask, for example `002`. Leave blank to use the system umask. Supported on *NIX platforms. Default: blank.
- `defender`, struct containing the defender configuration. See [Defender](./defender.md) for more details. - `defender`, struct containing the defender configuration. See [Defender](./defender.md) for more details.
- `enabled`, boolean. Default `false`. - `enabled`, boolean. Default `false`.
- `driver`, string. Supported drivers are `memory` and `provider`. The `provider` driver will use the configured data provider to store defender events and it is supported for `MySQL`, `PostgreSQL` and `CockroachDB` data providers. Using the `provider` driver you can share the defender events among multiple SFTPGO instances. For a single instance the `memory` driver will be much faster. Default: `memory`. - `driver`, string. Supported drivers are `memory` and `provider`. The `provider` driver will use the configured data provider to store defender events and it is supported for `MySQL`, `PostgreSQL` and `CockroachDB` data providers. Using the `provider` driver you can share the defender events among multiple SFTPGO instances. For a single instance the `memory` driver will be much faster. Default: `memory`.

5
internal/common/common.go
View file

@ -166,6 +166,7 @@ var (
// Initialize sets the common configuration // Initialize sets the common configuration
func Initialize(c Configuration, isShared int) error { func Initialize(c Configuration, isShared int) error {
isShuttingDown.Store(false) isShuttingDown.Store(false)
util.SetUmask(c.Umask)
Config = c Config = c
Config.Actions.ExecuteOn = util.RemoveDuplicates(Config.Actions.ExecuteOn, true) Config.Actions.ExecuteOn = util.RemoveDuplicates(Config.Actions.ExecuteOn, true)
Config.Actions.ExecuteSync = util.RemoveDuplicates(Config.Actions.ExecuteSync, true) Config.Actions.ExecuteSync = util.RemoveDuplicates(Config.Actions.ExecuteSync, true)
@ -569,7 +570,9 @@ type Configuration struct {
// Defender configuration // Defender configuration
DefenderConfig DefenderConfig `json:"defender" mapstructure:"defender"` DefenderConfig DefenderConfig `json:"defender" mapstructure:"defender"`
// Rate limiter configurations // Rate limiter configurations
RateLimitersConfig []RateLimiterConfig `json:"rate_limiters" mapstructure:"rate_limiters"` RateLimitersConfig []RateLimiterConfig `json:"rate_limiters" mapstructure:"rate_limiters"`
// Umask for new uploads. Leave blank to use the system default.
Umask string `json:"umask" mapstructure:"umask"`
idleTimeoutAsDuration time.Duration idleTimeoutAsDuration time.Duration
idleLoginTimeout time.Duration idleLoginTimeout time.Duration
defender Defender defender Defender

31
internal/util/util_fallback.go Normal file
View file

@ -0,0 +1,31 @@
// Copyright (C) 2019-2023 Nicola Murino
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, version 3.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//go:build !unix
package util
import (
"runtime"
"github.com/drakkan/sftpgo/v2/internal/logger"
)
// SetUmask sets the specified umask
func SetUmask(val string) {
if val == "" {
return
}
logger.Debug(logSender, "", "umask not supported on OS %q", runtime.GOOS)
}

38
internal/util/util_unix.go Normal file
View file

@ -0,0 +1,38 @@
// Copyright (C) 2019-2023 Nicola Murino
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, version 3.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
//go:build unix
package util
import (
"strconv"
"syscall"
"github.com/drakkan/sftpgo/v2/internal/logger"
)
// SetUmask sets the specified umask
func SetUmask(val string) {
if val == "" {
return
}
umask, err := strconv.ParseUint(val, 8, 31)
if err != nil {
logger.Error(logSender, "", "invalid umask %q: %v", val, err)
return
}
logger.Debug(logSender, "", "set umask to: %d, configured value: %q", umask, val)
syscall.Umask(int(umask))
}

1
sftpgo.json
View file

@ -21,6 +21,7 @@
"max_per_host_connections": 20, "max_per_host_connections": 20,
"allowlist_status": 0, "allowlist_status": 0,
"allow_self_connections": 0, "allow_self_connections": 0,
"umask": "",
"defender": { "defender": {
"enabled": false, "enabled": false,
"driver": "memory", "driver": "memory",