If a new user is added to config file but NOT at the end of the file, permissions get messed up and I get PermissionError's #418

Open
nathanielobrown opened this issue Sep 25, 2024 · 0 comments

Summary

My analysis so far is that there is an issue with chown setting the wrong permissions for folders if new users are added NOT at the end of the config file.

Context

My config file looks like this and is mounted into the pod at /etc/sftp:

user1:asgfafadfasdf:e:::upload,download
user2:asfgdasdfasdfsd:e:::upload,download
user3:asdfasdfsdfdsf:e:::upload,download

I have a persistent storage volume mounted to /home

Periodically I add new users and restart the SFTP container. I've found that if a new user is added not at the end of the file, then existing folders for users that come after the new user in the config file will have their permissions changed to be owned by the previous user in the config file. I think removal of connections might also cause the same issue, and there's a chance I have whether it is the previous or next user that gets set as the owner.

I've mostly avoided having the order of the file changed (new users always go at the end, try not to remove users), but due to an occasional pattern of user deactivation and reactivation I really need to come up with a better solution.

Analysis

Potential Solutions

  • Maybe chown -R "$uid:users" "$dirPath" could be changed to chown -R "$user" "$dirPath"?
    • Someone who knows better than me should comment on whether this would have unintended consequences!
  • Maybe there's something I can do to avoid this issue? I think this is a clear bug but would love a mitigation if anyone has one
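
A read-only check for the symptom described in this issue, added here as an example and not part of the original post or the project's code: it compares the numeric owner of each configured directory on the persistent volume with the UID that directory's user currently resolves to, so drift can be caught after a restart. The six-field line layout, the reading of the last field as directories under /home/<user>, and all function names are assumptions.

```python
import os
import pwd
import sys


def parse_users(config_text):
    """Yield (user, [dirs]) from lines like 'user1:hash:e:::upload,download'.

    Assumption: six colon-separated fields, the last a comma-separated list
    of directories under /home/<user>, as in the issue's sample config.
    """
    for line in config_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 6 and fields[0]:
            yield fields[0], [d for d in fields[-1].split(",") if d]


def system_uid(user):
    """Resolve a name to its current UID inside the container, else None."""
    try:
        return pwd.getpwnam(user).pw_uid
    except KeyError:
        return None


def audit(config_text, home_root="/home", uid_of=system_uid):
    """Return (path, owner_uid, expected_uid) for every mis-owned entry."""
    findings = []
    for user, dirs in parse_users(config_text):
        expected = uid_of(user)
        for d in dirs:
            top = os.path.join(home_root, user, d)
            for root, _subdirs, files in os.walk(top):  # no-op if top is absent
                for path in [root] + [os.path.join(root, f) for f in files]:
                    owner = os.lstat(path).st_uid  # lstat: do not follow symlinks
                    if owner != expected:
                        findings.append((path, owner, expected))
    return findings


if __name__ == "__main__":
    # Usage: audit.py <path to users config>; exits 1 if any drift is found.
    with open(sys.argv[1]) as fh:
        drift = audit(fh.read())
    for path, owner, expected in drift:
        print(f"{path}: owned by uid {owner}, expected {expected}")
    sys.exit(1 if drift else 0)
```

Run it inside the container after the users have been created, so that names resolve against the same passwd database the SFTP daemon uses.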