Folder Permissions

[felix001]

My goal is set my data folder to create any new files or folders which are moved or created within a permissions setting of 775.

Ive been looking into umask and sticky bits, but as yet cannot see anything that would help me reach my goal...

Can anyone help.. ?

 

[smah]

I suppose the first question has to be: How will these new files & folders arrive there? - ftp, samba, nfs, something else?

 

[felix001]

via ssh, i have looked a bit more on this and i believe that I need to change the umask for the ssh process itself,

Just trying to find where you set this ???

 

[PHV]

Perhaps in the /etc/.ssh/rc file.

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[felix001]

yep , i already checked there all i have is

[root@localhost .ssh]# ls -lha
total 24K
drwx------ 2 root root 4.0K Apr 20 16:38 .
drwxr-x--- 5 root root 4.0K Apr 20 16:12 ..
-rw-r--r-- 1 root root 3.0K Apr 20 14:03 known_hosts

ive search the man page and also did a recursive grep against all the ssh files for umask but nothing...
even google hasnt come up with much..

 

[PHV]

ive search the man page
man sshd

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[felix001]

As i mentioned I have already looked at the man pages for sshd.

 

[PHV]

And no mention of rc file there ?

 

[felix001]

it mentions the rc file but im not sure where i would put it in the rc scripts so that it takes effect ...
also the ~/.ssh/environment file which I have created this and also enabled the PermitUserEnvironment seems to have no affect ....

 

[PHV]

Have umask 002 in the /etc/.ssh/rc file.

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[felix001]

this file doesnt exsist...
i have the standard /etc/init.d/sshd and the relevant rc scripts....

 

[KenCunningham]

Create it....

Some days are diamonds, some days are rocks - make sure most are the former.

 

[felix001]

ive created the rc file but this also did not work,

[root@localhost .ssh]# pwd
/root/.ssh
[root@localhost .ssh]# ls -l
total 16
-rwx------ 1 root root 19 Apr 25 16:11 environment
-rw-r--r-- 1 root root 3837 Apr 25 15:48 known_hosts
-rwxr-xr-x 1 root root 19 Apr 25 16:08 rc
[root@localhost .ssh]# cat environment rc
/usr/bin/umask 755
/usr/bin/umask 755
[root@localhost .ssh]#

There must be a way of which to set the umask for any ssh sessions.

Im pretty much out of ideas...

 

[Annihilannic]

When you say via ssh, do you actually mean scp, sftp, or a shell session of some type. If it's the latter it's possible the umask is being overwridden by shell profiles or something like that. An example would help us to reproduce this behaviour and make a recommendation for you.

Also, what OS is this exactly? Some of them (Linux, ...?) use the PAM mechanism to set umasks which may also be overriding it (although one would expect that occur before any SSH environment settings).

Annihilannic.

 

[felix001]

In the end I resolved this using the following document...

http://fir3net.com/UNIX-/-Linux/General-UNIX/setting-the-umask-in-sshd.html

http://www.fir3net.com

 

[Annihilannic]

That solution doesn't make sense to me; how does calling the boot-time startup script for sshd (i.e. in /etc/init.d) from sshd help resolve the issue? Shouldn't the sshd.sh just invoke /usr/sbin/sshd directly (typo maybe?).

Annihilannic.

 

[felix001]

I think that you could be right, i changed a previous examples which added the sftp into the subsystem section for the sshd_config.

In this example you could get caught in a loop.
Is there any other way that you know of that may work..

To answer your previous questions...

When i scp a file over to a directory I want these files to have a default set of permissions set.

http://www.fir3net.com

 

[Annihilannic]

The only way I could do this reliably was to set a umask before starting sshd which is not ideal since it affects all users. If you like that idea then the tidiest way to achieve it would be to create an /etc/sysconfig/sshd file (if not already present) containing the umask 000 command.

Alternatively you could start a separate sshd on a different port specifically for this purpose.

If the source files have the correct permissions, have you considered simply using scp -p instead to preserve permissions?

The ~/.ssh/rc script seems to be run in its own sub-process so any umask settings done there are immediately forgotten when it completes.

Ignore my mention of PAM earlier; I was thinking of ulimits, not umasks...

Annihilannic.

 

[felix001]

I think i may need to add a scp script into the subsystem section of the ssd_config.
Then within the script set the umask and call the scp binary...

If anyone has any other ideas please let me know...

http://www.fir3net.com

 

[Annihilannic]

It's not very well documented on the sshd_config man page, but I believe the only Subsystem that is supported is sftp, so you may have limited mileage with that.

If you are using OpenSSH 5.0 or higher you may have more luck with the Forcecommand option (perhaps combined with Match to make it only apply to appropriate users), but again I'm not sure whether that will apply with scp connections...

Annihilannic.