Ssh – Disallow -p on sftp

sftp, ssh, timestamp

We have a server that acts as a "dropbox" for (outside) users to upload data to us over sftp/ssh. We need to process these files (gpg decrypt, unzip, etc.) as they come in. In the past, we simply processed each file in each user's home directory without regard to whether we had already processed it. This turned out to be wasteful. I updated (rewrote) our processing script to rely on a mechanism like:

FILESTOPROCESS=$(find -H /home/$CUST -type f -newer /home/$CUST/marker-file)

This, combined with a touch /home/$CUST/marker-file, has worked great and our workload was dramatically reduced.

A day or so ago, we had a configuration issue in our SSH server which temporarily prevented users from uploading files to us. When the script ran again, it overlooked a file the user initially failed to upload, but subsequently uploaded via sftp/ssh with the "-p" option to preserve timestamps. This set the c/a/mtimes of the file to be a day or so older than the marker-file, and so it was subsequently ignored.

I'd like to disallow users from uploading with "-p" so that files are created with current timestamps.

Can I do this in sshd_config?

Best Answer

No, you cannot do this in the config. Looking through sftp-server.c, I see that the only way to disable this is to run sftp-server in read only mode, which is quite useless if you want to allow uploads :)

If you don't mind maintaining your own openssh package, you can remove the calls to utimes/futimes in sftp-server.c before compiling. Alternatively you can use an LD_PRELOAD library with no-op implementations of these functions.
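The LD_PRELOAD approach from the answer above, written out as an added example (not code from the answer or from OpenSSH): the shim replaces utimes/futimes with functions that report success but change nothing, so a client's "put -p" completes normally while the file keeps the server-side timestamp it received on upload. It also stubs the nanosecond variants utimensat/futimens on the assumption that some sftp-server builds use those instead; check the installed binary's imports before relying on either pair. The self-check function and the /tmp path it uses are part of this example only.

```c
/* noptimes.c: LD_PRELOAD shim that turns timestamp-setting calls into no-ops.
 * Build the shim with:  gcc -shared -fPIC -o noptimes.so noptimes.c
 * (example code for this answer, not part of OpenSSH) */
#define _GNU_SOURCE
#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <time.h>

/* Each override returns 0 (success) without touching the file, so the
 * client sees no error but the kernel-assigned mtime from the upload stays. */
int utimes(const char *path, const struct timeval tv[2])
{
    (void)path; (void)tv;
    return 0;
}

int futimes(int fd, const struct timeval tv[2])
{
    (void)fd; (void)tv;
    return 0;
}

/* Assumption: also stubbed in case the installed sftp-server uses the
 * nanosecond-resolution APIs rather than utimes/futimes. */
int utimensat(int dirfd, const char *path, const struct timespec ts[2], int flags)
{
    (void)dirfd; (void)path; (void)ts; (void)flags;
    return 0;
}

int futimens(int fd, const struct timespec ts[2])
{
    (void)fd; (void)ts;
    return 0;
}

/* Self-check (example only): create a file, try to backdate it to the epoch
 * the way "put -p" would, and report 1 if the mtime is still "now",
 * 0 if the backdating went through, -1 on an I/O error. */
int backdate_is_blocked(const char *path)
{
    struct timeval epoch[2] = { {0, 0}, {0, 0} };   /* constructed: 1970-01-01 */
    struct stat st;
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int r_fd = futimes(fd, epoch);       /* what fsetstat would do */
    close(fd);
    int r_path = utimes(path, epoch);    /* what setstat would do */
    if (stat(path, &st) != 0) return -1;
    unlink(path);
    return (r_fd == 0 && r_path == 0 && time(NULL) - st.st_mtime < 60) ? 1 : 0;
}
```

sshd constructs the subsystem's environment itself, so the library is normally loaded from a small wrapper script configured as the `Subsystem sftp` command (path is site-specific) that exports LD_PRELOAD and then execs the real sftp-server; the in-process `internal-sftp` spawns no binary and cannot be wrapped this way.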