upstream: mention usefulness of request type allow/denylisting for

servers accepting untrusted clients OpenBSD-Commit-ID: 8b991bd263b46374a8e73f02d05cdccca73ae520
2026-06-24 08:48:18 +00:00 · 2026-05-21 02:50:59 +00:00
parent 62fce76130
commit e5c9cf9ac7
1 changed files with 13 additions and 2 deletions
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.32 2026/05/21 02:50:59 djm Exp $
 .\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 27 2021 $
+.Dd $Mdocdate: May 21 2026 $
 .Dt SFTP-SERVER 8
 .Os
 .Sh NAME
@@ -109,6 +109,17 @@ The
 flag can be used to determine the supported request types.
 If both denied and allowed lists are specified, then the denied list is
 applied before the allowed list.
+This flag, along with the
+.Fl p
+flag, may be used to disable operations that are irrelevant or undesirable
+for the server.
+For example, a
+.Nm
+that accepts connections from untrusted clients may wish to disable the
+.Dq copy-data
+or
+.Dq users-groups-by-id
+operations.
 .It Fl p Ar allowed_requests
 Specifies a comma-separated list of SFTP protocol requests that are permitted
 by the server.