getssl icon indicating copy to clipboard operation
getssl copied to clipboard

Published 20 hours ago verified publisher icon srvrco

scp to remote host needs mkdir first

Open oakapplenet opened this issue 5 years ago • 3 comments
trafficstars

Describe the bug scp needs to mkdir first

To Reproduce Steps to reproduce the behavior:

An ACL entry like

ssh:host-139:/export/web/oak/web/.well-known/acme-challenge

leads to an scp which fails if /export/web/oak/web/.well-known/acme-challenge does not exist yet.

Expected behavior The mkdir should be automatic.

Operating system (please complete the following information):

  • OS: SPARC Solaris 10
  • Bash Version GNU bash, version 3.2.51(1)-release (sparc-sun-solaris2.10)

Additional context Newer versions of scp might do this automatically for all I know. I was able to patch getssl by inserting five lines thus, to use ssh to mkdir before the scp

if [[ "${to:0:4}" == "ssh:" ]] ; then

host=echo ${to:4} | awk -F: '{print $1}' file=echo ${to:4} | awk -F: '{print $2}' dir=dirname $file echo ssh $SSH_OPTS $host mkdir -p $dir ssh $SSH_OPTS $host mkdir -p $dir

  debug "using scp -q $SCP_OPTS $from ${to:4}"

oakapplenet avatar Nov 09 '20 04:11 oakapplenet

@oakapplenet

Thanks for this bug report - I'll add the change you suggest (and some tests for ssh/scp at the same time)

timkimber avatar Nov 09 '20 20:11 timkimber

Not sure this is a good idea, especially on the fly. It creates a directory in the webserver tree; a typo in the ACL might be problematic. In addition, there's the matter of getting the right ownership/permissions. There's no point in creating the directory if its permissions - and those of created files aren't correct. This is non-trivial when you consider different webservers, distributions, and site configurations.

This would be better addressed in documentation, and/or an installation/setup script, that's run one-time under human supervision.

(Also, see related remarks in #683)

tlhackque avatar Jul 25 '21 11:07 tlhackque

Thanks for the thoughts. I can see the potential problems of doing too much automatically. getssl might check for the existence of the necessary directories and guide users to a setup script.

From @.*** Sun Jul 25 04:03:06 2021 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1627210939; bh=cm2RxzBn8lJTOBPeHASGl878qx++bRZ9X2J8EpQyGa8=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=uruHtivzcNAeobuXH3h+fi2t+Qzrw82oB5HEfCSQJE4/emUVtU3nLkK9TYthct7CS 5A9I0F18TVkob87A5TSGCC5YyzACObpnO6pHlo/GvYQ7wMXpYF/POKOouzQAuY0jBZ iWThBTU6aVUYM1Eo9AUkH0yC4xeeKnigflhAfJYg= Date: Sun, 25 Jul 2021 04:02:19 -0700 From: Timothe Litt @.> To: srvrco/getssl @.> Cc: oakapplenet @.>, Mention @.> Subject: Re: [srvrco/getssl] scp to remote host needs mkdir first (#597) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-GitHub-Sender: tlhackque X-GitHub-Recipient: oakapplenet X-GitHub-Reason: mention List-ID: srvrco/getssl <getssl.srvrco.github.com> List-Archive: https://github.com/srvrco/getssl List-Post: @.> List-Unsubscribe: @.>, https://github.com/notifications/unsubscribe/ARV3JSG3GQ455AWQKMP7R4TTZPVLXANCNFSM4TO2HOSQ X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: @.***

----==_mimepart_60fd44bb7f1b7_309cc72499026 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit

Not sure this is a good idea, especially on the fly. It creates a directory in the webserver tree; a typo in the ACL might be problematic. In addition, there's the matter of getting the right ownership/permissions. There's no point in creating the directory if its permissions - and those of created files aren't correct. This is non-trivial when you consider different webservers, distributions, and site configurations.

This would be better addressed in documentation, and/or an installation/setup script, that's run one-time under human supervision.

-- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: https://github.com/srvrco/getssl/issues/597#issuecomment-886184350 ----==_mimepart_60fd44bb7f1b7_309cc72499026 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit

Not sure this is a good idea, especially on the fly. It creates a directory in the webserver tree; a typo in the ACL might be problematic. In addition, there's the matter of getting the right ownership/permissions. There's no point in creating the directory if its permissions - and those of created files aren't correct. This is non-trivial when you consider different webservers, distributions, and site configurations.

This would be better addressed in documentation, and/or an installation/setup script, that's run one-time under human supervision.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

----==_mimepart_60fd44bb7f1b7_309cc72499026--

oakapplenet avatar Aug 05 '21 03:08 oakapplenet