diff --git a/README.md b/README.md index 45b1eab..379e272 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,7 @@ You can customize the values of the helm deployment by using the following Value | `configuration.Users[].GID` | Sets the user's GID. A group is created for this value and the user is included | `null` | | `configuration.Users[].Chroot` | If set, will override global `Chroot` settings for this user. | `null` | | `configuration.Users[].Directories` | Array of additional directories created for this user | `null` | +| `configuration.Users[].Umask` | If set, will set a user-specific `umask` value for this user. | `null` | | `initContainers` | Additional initContainers for the pod | `{}` | | `resources` | Resource limits | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | diff --git a/src/ES.SFTP/Configuration/Elements/UserDefinition.cs b/src/ES.SFTP/Configuration/Elements/UserDefinition.cs index 97efacf..935f1a6 100644 --- a/src/ES.SFTP/Configuration/Elements/UserDefinition.cs +++ b/src/ES.SFTP/Configuration/Elements/UserDefinition.cs @@ -15,4 +15,7 @@ public class UserDefinition public ChrootDefinition Chroot { get; set; } = new(); public List Directories { get; set; } = new(); public List PublicKeys { get; set; } = new(); + + // Umask property for user-specific file permissions + public string Umask { get; set; } } \ No newline at end of file diff --git a/src/ES.SFTP/SSH/SSHService.cs b/src/ES.SFTP/SSH/SSHService.cs index 4cd2e06..667a96c 100644 --- a/src/ES.SFTP/SSH/SSHService.cs +++ b/src/ES.SFTP/SSH/SSHService.cs @@ -68,7 +68,8 @@ private async Task UpdateConfiguration() PKIandPassword = sftpConfig.Global.PKIandPassword }; - var exceptionalUsers = sftpConfig.Users.Where(s => s.Chroot != null).ToList(); + var exceptionalChrootUsers = sftpConfig.Users.Where(s => s.Chroot != null).ToList(); + var exceptionalUmaskUsers = sftpConfig.Users.Where(s => !string.IsNullOrWhiteSpace(s.Umask)).ToList(); var standardDeclarations = new[] { 
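Review bot: The comment on the new `Umask` property does not say what format the string must have or what an unset value means. Since SSHService.cs passes the value to `internal-sftp -u` and skips blank values, I would replace the comment with `/// <summary>Octal umask for this user's SFTP session (for example "0027"); null or blank emits no per-user umask.</summary>`. The class body starts outside the hunk.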
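Review bot: `s.Umask` reaches the generated sshd configuration unvalidated: the `exceptionalUmaskUsers` filter only checks `IsNullOrWhiteSpace`, and the next hunk interpolates the string into `ForceCommand internal-sftp -u {s.Umask}`. A value containing spaces would add further arguments to `internal-sftp`, and one containing a line break would presumably start a new directive inside the Match block (how declarations are written out is not visible here). Restrict the value to octal digits in the filter, for example `.Where(s => s.Umask != null && Regex.IsMatch(s.Umask, @"\A[0-7]{3,4}\z"))`, using `\z` because `$` also matches before a trailing newline. Entries that fail the check should be logged or rejected rather than dropped silently. UpdateConfiguration's body starts and ends outside the hunk.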
@@ -82,7 +83,17 @@ private async Task UpdateConfiguration() : s.Username) ); - sshdConfig.MatchBlocks.AddRange(exceptionalUsers.Select(s => new MatchBlock + sshdConfig.MatchBlocks.AddRange(exceptionalUmaskUsers.Select(s => new MatchBlock + { + Criteria = MatchBlock.MatchCriteria.User, + Match = {s.Username}, + Declarations = new List(standardDeclarations) + { + $"ForceCommand internal-sftp -u {s.Umask}" + } + })); + + sshdConfig.MatchBlocks.AddRange(exceptionalChrootUsers.Select(s => new MatchBlock { Criteria = MatchBlock.MatchCriteria.User, Match = {s.Username}, @@ -99,7 +110,7 @@ private async Task UpdateConfiguration() { Criteria = MatchBlock.MatchCriteria.User, Match = {"*"}, - //Except = exceptionalUsers.Select(s => s.Username).ToList(), + //Except = exceptionalChrootUsers.Select(s => s.Username).ToList(), Declarations = new List(standardDeclarations) { $"ChrootDirectory {sftpConfig.Global.Chroot.Directory}",
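Review bot: A user with both a `Umask` and a `Chroot` now gets two `Match User` blocks, and because `UserDefinition.Chroot` defaults to `new()`, that is probably every user with a umask. sshd keeps the first value it obtains for a keyword, so if the chroot block that follows also sets `ForceCommand` (its declarations are outside this hunk), that later value is ignored for these users. The same applies inside the new block if `standardDeclarations` already contains a `ForceCommand`, which would make the `-u` line dead. Emitting one block per user and appending `-u {s.Umask}` to that block's existing `ForceCommand` removes the dependence on emission order. UpdateConfiguration's body continues outside the hunk.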