SFPT - Vsftpd on Ubuntu: Disallow client timestamp on uploaded files.
 

Hi,

I'm running vsftpd on a Ubuntu server. I'd need vsftpd to disallow the timestamp on files it receives from clients. Right now the behaviour is that the uploaded files get the timestamp from the files itself using WINSCP with Preserve Timestamp option enabled. I'd like to make config on server side witch disalowed clients such as WINSCP to preserve timestamps.

I done some research and try different options with mdtm_write=NO in conf file but nothing works.

vsftpd: version 3.0.3

Thanks !

Are you sure your clients are using FTP? The default with WinSCP is to use SFTP, which uses sshd on the server side, not vsftpd.

Worth to mention I'm new in linux :)

You're right, this is SFTP connection via port 22. To be precise this is a VM on Azure with linux ubuntu witch I configured with this tutorial (except that I deny access for port 21 in NSG):

https://dev.to/aloneguid/setting-up-...oft-azure-2npb

After that sFTP works fine and I thought it was because vsftpd. Looks like I should go into sshd config now. :)

Edit: Cant find any solution :( Need Your help.

Still no luck, anyone?

If you are using SFTP, then you can (and should) remove vsftpd from your server.

As for the date-time stamps, can you describe your task in a little more detail or in different words? If you are copying a file to your server using SFTP, it gets the time-date of its arrival on the server, not its original time-date. If you wish to preserve the the original time-date, then use the -p option with the SFTP client, or with the get or put command within SFTP.

However, if you are not using the regular SFTP client but WinSCP instead, look to the documentation for WinSCP instead. Or else try a different client.

In my task I share SFTP with multiple users. They can use several SFTP clients, I really don't know which one. Now, when I use SFTP, my file gets timestamp from the server and that's correct. But if any of my clients use winSCP with preserve timestamp option on (it's on by default) - the file save orginal timestamp. And that's not correct. I try to configure my server to dissalow that option. I need timestamp from server all the time.

Over on the server itself, see which protocol features there are:

Then you can block all attribute changes for any SFTP activity by banning setstat and fsetstat in sshd_config:

Or


There are side effects. That will also block the built-in chmod and related tools.

See "man sftp-server" for the -Q and -P options.

Works untill I reboot :

When I upload files via WinSCP I get exeption and timestamp from server on my file. Works great

Then I reboot my machine and preserve timestamp in WinSCP works again.

Step-by-Step:
1. Create VM with Ubuntu Server 18.04 LTS
2. SSH -> Add --> Subsystem sftp /usr/lib/openssh/sftp-server -P setstat,fsetstat in sshd_config
3. Test ok - exception. Cant preserve timestamp
4. Disallow SSH on user (sudo usermod -s /usr/lib/openssh/sftp-server and add /usr/lib/openssh/sftp-serve in /etc/shells)
5. sudo chmod 0700 /home/user
6. test ok - exception.
7. Reboot
8. Test fail - Can preserve timestamp.


Ok. Figure it out. After I use that - 'sudo usermod -s /usr/lib/openssh/sftp-server user' sshd_config wont work for that user. How Can I restrict access to SSH for users and make them affected by my sshd_config in the same time? :)