
FileSpec filename restriction not allowing ls

Open • cmseal opened this issue 4 years ago • 0 comments

Using this FileSpec and regex to restrict a user to only seeing files with "Title-CategoryA-" at the beginning means that the ls command no longer works, and attempts respond with: remote readdir("/"): Permission denied.

Ideally, the FileSpec would allow ls and only show those files allowed.

The assumption is that there is another user with access only to "Title-CategoryB-" filenames etc.

Attempts to use "Deny" with regex to match for all except "-CategoryA-" also fail to work.

Currently, we're only able to achieve this with multiple "Deny" statements, for each one we wish to prevent. This becomes unmanageable at any significant scale - this could be 15-20 "Deny" statements per FileSpec, and will only increase over time.

Thoughts or suggestions welcome, but we're restricted to multiple users accessing a single directory with multiple files.

```
<FileSpec AllowedFiles-CategoryA>
    UseFullPath false
    Order AllowDeny
    Allow "^Title-CategoryA-[0-9]{8}\.csv$"
    Deny all
</FileSpec>
```

cmseal, Jun 24 '21 11:06