Skip to content

Implement the python side of SFTP access to all sharelinks #284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: next
Choose a base branch
from
Open

Implement the python side of SFTP access to all sharelinks #284

wants to merge 4 commits into from

Conversation

jonasbardino
Copy link
Contributor

@jonasbardino jonasbardino commented Jul 17, 2025
edited
Loading

Implement SFTP access to all sharelinks with added server-side access limitations on all operations when in read-only or write-only mode.

This is still work in progress and the PAM and NSS bits are still missing for sftpsubsys support.
We may still want to look into pointing all read-only sharelink access to a separate read-only (bind-) mount of the persistent storage file system to be extra protected against any missing access limitations.

As @aputtu pointed out after initial testing of the write-only sharelinks they felt somewhat crippled when used e.g. mounted from a file manager like Nautilus or Thunar because we initially rejected all read operations including stat/lstat calls to query basic file and folder info. After some reconsideration that restriction was loosened up to allow explicit stat/lstat calls on explicitly given paths to make most clients behave. Similarly it turned out that simple get downloads from sftp on read-only shares would fail when empty chattr calls were rejected. So such non-changing chattr calls are now also allowed.
We may still want to similarly allow non-changing chown/chmod calls and perhaps even override list_folder to always just return an empty list for write-only shares.

@jonasbardino jonasbardino self-assigned this Jul 17, 2025
@jonasbardino jonasbardino added the enhancement New feature or request label Jul 17, 2025
@jonasbardino jonasbardino linked an issue Jul 17, 2025 that may be closed by this pull request
Share-links, Read-only access from SFTP #38
Open
jonasbardino added a commit that referenced this pull request Jul 20, 2025
@jonasbardino
Add a few variable initializations to address related pylint errors i…
e6c4f2c 
…n PR #284.

None of them are all that important since we should already have prior checks
in place e.g. in configuration init to bail out, but better safe than sorry.
@jonasbardino jonasbardino marked this pull request as ready for review July 20, 2025 09:55
@jonasbardino jonasbardino mentioned this pull request Jul 20, 2025
Merged
jonasbardino added a commit that referenced this pull request Jul 20, 2025
@jonasbardino
Address pylint possible variable use before init errors (#286)
9e94eb2 
Add a few variable initializations to address related `pylint` errors in
PR #284.

None of them are all that important since we _should_ already have prior
checks in place e.g. in configuration init to bail out, but better safe
than sorry.
@jonasbardino jonasbardino force-pushed the add/sftp-access-to-all-sharelinks branch 2 times, most recently from 85978ac to a480cd3 Compare July 20, 2025 10:40
@jonasbardino
Copy link
Contributor Author

With PR #286 and #287 merged there are only a few remaining lint errors in grid_sftp.py and as mentioned in PR #287 they at least look rather harmless. We should still either fix or whitelist them with pylint annotations.

@jonasbardino
Implement the python side of SFTP access to all sharelinks with serve…
1d52852 
…r-side

access limitations on all operations when in read-only or write-only mode.

This is work in progress and the PAM and NSS bits are still missing for
sftpsubsys support.
@jonasbardino
Extend PAM+NSS sharelink access to cover all three access modes in or…
a68144e 
…der to

support access from sshd+sftpsubsys service, too.

Simply adjusts the existing read-write sharelink test and auth to instead loop
through the three access modes in turn and do the similar test for each. Minor
adjustments to continue until one succeeds or all have been tried.

The existing test+auth code is purposefully kept unindented in this version to
make the diff simple to review. Will follow-up with a separate commit which
only indents to fit loop nesting to keep that change simple as well.
@jonasbardino
Avoid string overflow for mode strings of size at most 10 chars plus …
be503bd 
…one byte

string termination (`\0`). Dumb down the sharelink mode iterator to keep it
simple.
Adjust prefix for shared PAM and NSS log line helper to clarify that. Otherwise
we get `pam_mig` log entries even for key login, which never hits PAM.
@jonasbardino
Elaborate the grid_sftp sharelink access handling for a better and more
975cd24 
consistent client experience.
Basically filter certain operations like `chattr` and `stat`/`lstat` more
carefully in order to let read-only and write-only shares behave.

For read-only shares it is necessary to allow non-changing `chattr` calls to
avoid `sftp` failing in simple `get path` downloads.
For write-only shares it's necessary to allow `lstat`/`stat` on given files and
folders to avoid errors e.g. when sftp or sshfs mount `rm`s a file.

Additional tweaks to allow non-changing `chmod`/`chown` in read-only shares are
still under consideration.
@jonasbardino jonasbardino force-pushed the add/sftp-access-to-all-sharelinks branch from bdf95c1 to 975cd24 Compare July 24, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jonasbardino jonasbardino

Labels
enhancement New feature or request
Projects
None yet
Milestone
Sharelink improvements and capability...
Development

Successfully merging this pull request may close these issues.

Share-links, Read-only access from SFTP
1 participant
@jonasbardino