How to force NTFS Permission Inheritance to files transferred through sftp with OpenSSH

Romanna_Guo
Hello Everyone,

I have been running a secure web server in Server 2003 using NTFS permissions to dictate what groups can access.

Unfortunately, due to the secure nature of the web server, the only way to access and upload things to the server is via sftp; currently the sftp client used here is FileZilla.

While all the original files on the server were migrated by me, the administrator, and permissions were set up during the migration, unknown to me all the new files being uploaded were being owned by the user that did the upload, and permissions set to whatever they were on the user's local machine.

Now, as the title has stated I am looking for a way to force the permissions applied to the NTFS file structure to be inherited from the parent folder of where they are uploaded to.

I have come across a couple of vague references to changing the config file or trying to script a force of file permissions in the scheduled tasks. Unfortunately I do not have enough experience with either to understand what would be required and how it would work to proceed on either front.

I would greatly appreciate any help or pointers to get me headed in the right direction.

Thanks,

Jonathon
Commented:

You are going to have to have your users change the file's permissions before uploading. At the very least, give the Users Group Full access.

I'd then suggest a scheduled batch job to run, under admin level rights, and set the necessary permissions.

Investigate the usefulness of the "cacls" command and command line management of group permissions with it.
First step - take ownership, then push necessary settings.

http://support.microsoft.com/kb/825751

Author

Commented:
Thank you,

I actually came across that link about an hour ago in my research and am in the middle of reading the documentation for it to see if it will work for my needs. Knowing this is what you suggest, I will proceed on that front exclusively then.

I was hoping there would be a line in the ssh_config or sshd_config files to force the inheritance but I have been unable to locate one.

xcacls seems to be a very powerful command that can accomplish much.

Jonathon

Commented:
What I am surprised about is that the FileZilla transfer is keeping the file's permission settings.
Acting like a file-move instead of a file-copy operation.

Author

Commented:
I know, I was totally surprised when I found out this is going on... maybe there is a setting in FileZilla with permissions... I did not think of that approach... it would save me on a complicated script structure.

Author

Commented:
This is a good way to write ownership and permissions. To make it work to force inheritance on a folder structure, it has to be written as a script and then applied to a scheduled task to run as frequently as any updates to the file system are made.
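
The scheduled script discussed in the comments above ("take ownership, then push necessary settings") could look like this. It is an added example, not code posted by anyone in the thread. It assumes `takeown` and `icacls` are present on the server (on Server 2003, `icacls` arrives with SP2) and that it runs under an administrative account; `ROOT` and `LOG` are hypothetical paths.

```bat
@echo off
rem Added example: reset uploaded files to the permissions inherited from
rem their parent folder. ROOT and LOG are assumed paths, adjust to your server.
setlocal
set "ROOT=D:\wwwroot\uploads"
set "LOG=C:\Scripts\acl-reset.log"
set /a FIXED=0, FAILED=0

rem Redirections are written first so a file name ending in a digit
rem is not misread as a handle number (e.g. "file1>>log").
>>"%LOG%" echo [%date% %time%] start %ROOT%

rem "in (*)" matches files only, so folder ACLs set by the administrator
rem are left untouched and remain the source of inherited permissions.
for /r "%ROOT%" %%F in (*) do (
    rem Step 1: move ownership from the uploading user to Administrators.
    takeown /F "%%F" /A >nul 2>&1
    if errorlevel 1 (
        >>"%LOG%" echo takeown failed: %%F
        set /a FAILED+=1
    ) else (
        rem Step 2: replace the file's ACL with the default inherited ACL.
        icacls "%%F" /reset >nul 2>&1
        if errorlevel 1 (
            >>"%LOG%" echo icacls reset failed: %%F
            set /a FAILED+=1
        ) else (
            set /a FIXED+=1
        )
    )
)

>>"%LOG%" echo [%date% %time%] done reset=%FIXED% failed=%FAILED%

rem Non-zero exit code lets the scheduled task show a failed run.
if %FAILED% gtr 0 exit /b 1
exit /b 0
```

Because the reset removes every explicit entry on a file, any per-file permission that was granted on purpose has to be moved to the containing folder before this runs.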
