Romanna_Guo


How to force NTFS Permission Inheritance to files transferred through sftp with OpenSSH

Hello Everyone,

I have been running a secure web server in Server 2003 using NTFS permissions to dictate what groups can access.

Unfortunately, due to the secure nature of the web server, the only way to access and upload things to the server is via sftp; currently the sftp client used here is FileZilla.

While all the original files on the server were migrated by me, the administrator, and permissions were set up during the migration, unknown to me all the new files being uploaded were being owned by the user that did the upload and permissions set to whatever they were on the user's local machine.

Now, as the title has stated I am looking for a way to force the permissions applied to the NTFS file structure to be inherited from the parent folder of where they are uploaded to.

I have come across a couple of vague references to changing the config file or trying to script a force of file permissions in the scheduled tasks. Unfortunately I do not have enough experience with either to understand what would be required and how it would work to proceed on either front.

I would greatly appreciate any help or pointers to get me headed in the right direction.

Thanks,

Jonathon
ASKER CERTIFIED SOLUTION
schriste
This solution is only available to members.
Romanna_Guo

ASKER

Thank you,

I actually came across that link about an hour ago in my research and am in the middle of reading the documentation for it to see if it will work for my needs. Knowing this is what you suggest, I will proceed on that front exclusively then.

I was hoping there would be a line in the ssh_config or sshd_config files to force the inheritance but I have been unable to locate one.

xcacls seems to be a very powerful command that can accomplish much.

Jonathon
What I am surprised about is that the FileZilla transfer is keeping the file's permission settings.
Acting like a file-move instead of a file-copy operation.

I know, I was totally surprised when I found out this is going on... maybe there is a setting in FileZilla with permissions... I did not think of that approach... it would save me on a complicated script structure

This is a good way to write ownership and permission. To make it work so as to force inheritance on a folder structure, it has to be written as a script and then applied to a scheduled task to run as frequently as any updates to the file system are made.
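
The script-plus-scheduled-task approach described in the last comment, as an added example that is not part of the original thread: it finds uploaded items whose ACL has drifted from the parent folder (inheritance blocked or explicit ACEs present) and resets them to inherited-only permissions. It uses PowerShell and .NET rather than xcacls, covers permissions only (not ownership), and assumes PowerShell is installed on the server, that `D:\wwwroot` (a placeholder path) is the upload root, and that the account running it may change permissions on the uploaded items.

```powershell
# Added example (not from the thread). Run from a scheduled task under an
# administrative account. $Root is a placeholder for the upload root, whose
# own ACL is treated as authoritative and is never modified.
param(
    [string]$Root = 'D:\wwwroot',   # hypothetical path
    [switch]$ReportOnly             # list drifted items without changing them
)

# Read and write only the DACL, so owner and audit entries are left untouched.
$sections = [System.Security.AccessControl.AccessControlSections]::Access
$sidType  = [System.Security.Principal.SecurityIdentifier]

function Get-ExplicitRules($acl) {
    # includeExplicit = $true, includeInherited = $false
    return @($acl.GetAccessRules($true, $false, $sidType))
}

function Reset-ToInherited($item) {
    $acl      = $item.GetAccessControl($sections)
    $explicit = Get-ExplicitRules $acl
    # Drift: inheritance is blocked, or the uploader's explicit ACEs are present.
    if (-not $acl.AreAccessRulesProtected -and $explicit.Count -eq 0) {
        return $false
    }
    if (-not $ReportOnly) {
        # Re-enable inheritance from the parent, then drop every explicit ACE
        # so that only the parent folder's permissions remain.
        $acl.SetAccessRuleProtection($false, $false)
        foreach ($ace in $explicit) { $acl.RemoveAccessRuleSpecific($ace) }
        $item.SetAccessControl($acl)
    }
    return $true
}

# -Force includes hidden items; children only, so $Root itself is skipped.
Get-ChildItem -Path $Root -Recurse -Force | ForEach-Object {
    $item = $_
    try {
        if (Reset-ToInherited $item) {
            # One line per drifted item, suitable for redirecting to a log.
            "{0}`t{1}" -f (Get-Date -Format s), $item.FullName
        }
    } catch {
        Write-Warning ("{0}: {1}" -f $item.FullName, $_.Exception.Message)
    }
}
```

Running it once with `-ReportOnly` shows which items would change before the task is scheduled; the logged paths also give a record of which uploads arrived with non-inherited permissions.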