This patch for openssh does several things. It allows secure ftp sessions to be logged on the ftp server; it allows one to designate a umask for ftp sessions, this umask overrides any other umask setting, including what the client sends; and it allows one to designate whether the ftp client is allowed to execute "chown" or "chgrp" commands on the server.

So, in other words, this patch is for people who run a secure ftp server.

Logging can be turned off or on. If it's on, each ftp session is logged via "syslog." This means that you can append the logs to the system log file, or to a file of you choosing. If you like, you can have it logged to its own file. This is user-based logging, which means the log will associate the username with the actions that the he performs. Actions logged are the following: file creation, file removal, file modification including renaming or moving the file, and directory traversal. Why would you want to use the logging feature? To maintain an audit trail of the ftp sessions on your server.

The umask setting is optional. If no umask is specified, then the server will use the client's umask if it is specified or the default server environment umask. If you specify a umask, then it overrides these others. The umask applies to any file creation or renaming. Why would you need to set the umask? If you need to disallow your users from changing file permissions and force them to use the same permission setting for uploaded files.

You have the ability to prevent the client from issuing "chown" or "chgrp" commands. By default, they are allowed to do this. If you don't want them to be able to change the ownership of file content on your ftp server, then they will receive a "operation not permitted" response whenever they attempt to issue these commands.

Please refer to the History page for a history of why I developed this patch.

Please refer to the Installation notes for instructions on how to install and use the patch.