rsync was executed as an external command, which means we have no insight
into or control over what it actually does.
From a security perspective, this is far from ideal.
To be clear, there's nothing inherently wrong with rsync itself. However,
if we were to support it properly within SFTPGo, we would need to implement
the low-level protocol internally rather than relying on launching an external
process. This would ensure it works seamlessly with any storage backend,
just as SFTP does, for example.
We recommend using one of the many alternatives that rely on the SFTP
protocol, such as rclone
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This change should fix the random failure in TestSCPTransferQuotaLimits
because the quota is already updated when the scp command ends.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
A structure similar to the one used for secrets would be better,
but we don't want to break backwards compatibility.
Also document that omitting the password field in the request body
will preserve the current password when updating a user using the
REST API. Added a test case for this.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This introduce a backward incompatible change for filesystem path matching
in the Event Manager, now patterns like "*.txt" will no longer match any
file with the "txt" suffix, you need to change them to "/**/*.txt".
Also change pre-delete behaviour, now if an error is returned the client
will get a permission denied error. This is the same as the other pre-*
action. Previously it was not possible to deny deletion of a file.
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
