https://bugzilla.mindrot.org/show_bug.cgi?id=2282
Bug ID: 2282
Summary: When group member count exceeds 126, config reliant fails
Product: Portable OpenSSH
Version: 5.3p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sftp-server
Assignee: [email protected]
Reporter: [email protected]

Match Group sftponly
    ChrootDirectory /cust/ftp/secure/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -l INFO
Match Address *,!10.* Group *,!sftponly
    ForceCommand echo 'External shell access denied.'

These two lines succeed at:
1) when connections are attempted by users in 'sftponly', they're
limited to SFTP via internal-sftp successfully.
2) when connections are attempted from external locations, and the
account is NOT in 'sftponly' group, they're blocked.
Except when the number of users in the sftponly account reaches 127
users. At this point after successfully authenticating, the connection
is ended with the error code 255 from the server.
I have set up a local workaround by splitting the group, duplicating
the match group for the new group and tweaking the match address config:

Match Group sftponly
    ChrootDirectory /cust/ftp/secure/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -l INFO
Match Group sftponly2
    ChrootDirectory /cust/ftp/secure/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -l INFO
Match Address *,!10.* Group *,!sftponly*
    ForceCommand echo 'External shell access denied.'

As long as no new members are added to the group that has 126 users in
it already, then all is well.
It would be best to not have to deal with a limit of 126 to the number
of users in the group.
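
An added example, not part of the original report or of OpenSSH: a small Python audit that finds the groups an sshd_config matches on and flags any whose member list is past the 126 members this report observed as the last working size. The function names and the sample group file are constructed for illustration, and only members listed in group-file text are counted.

```python
import fnmatch

# 126 is the last working size observed in this report, not a documented OpenSSH constant.
REPORTED_LIMIT = 126

def match_group_patterns(sshd_config):
    """Return the group patterns named in 'Match ... Group <list>' lines."""
    patterns = set()
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if not words or words[0].lower() != "match":
            continue
        # Match criteria are keyword/value pairs, e.g. Address <list> Group <list>
        for key, value in zip(words[1::2], words[2::2]):
            if key.lower() == "group":
                names = (p.lstrip("!") for p in value.split(","))
                patterns.update(n for n in names if n != "*")
    return patterns

def group_sizes(group_file):
    """Count listed members per group (users with it as primary GID are not listed)."""
    sizes = {}
    for line in group_file.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4:
            sizes[fields[0]] = len([m for m in fields[3].split(",") if m])
    return sizes

def audit(sshd_config, group_file, limit=REPORTED_LIMIT):
    """List (group, members, status) for groups that sshd_config matches on."""
    patterns = match_group_patterns(sshd_config)
    report = []
    for name, count in sorted(group_sizes(group_file).items()):
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            status = "OVER" if count > limit else "AT LIMIT" if count == limit else "ok"
            report.append((name, count, status))
    return report

# Constructed sample input: the report's Match lines and a made-up group file.
SAMPLE_CONFIG = "Match Group sftponly\nMatch Address *,!10.* Group *,!sftponly*\n"
SAMPLE_GROUP = "\n".join([
    "sftponly:x:2001:" + ",".join("cust%03d" % i for i in range(127)),
    "sftponly2:x:2002:cust200,cust201",
    "staff:x:50:alice,bob",
])

if __name__ == "__main__":
    for name, count, status in audit(SAMPLE_CONFIG, SAMPLE_GROUP):
        print("%-12s %4d %s" % (name, count, status))
```

To audit a live host, pass the contents of the real sshd_config and the output of `getent group` instead of the samples; groups served from a directory service only appear if `getent` enumerates them.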