Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Linux Permissions with SFTP Question

Posted on 2011-02-11
3
Medium Priority
?
927 Views
Last Modified: 2012-05-11
I am using CentOS 5.5 with OpenSSH 5.7 and am running into a permission issue with SFTP. I have both employees accessing the server from the internal network as well as customers accessing the server from the Internet.

All of the customers are in a group call sftpusers and are chrooted to a directory, using the internal-sftp subsystem of OpenSSH 5.7 for that group.

Inside this directory there are individual directories for each user to upload their files. The directories are setup with the customer's userid as the owner with RW permissions, and a group with RW permissions.

The customer is not in the group that has RWX permissions to the directory. All of our employees are in that group so they can retrieve the files the customers upload to the server.

When the customer uploads a file to the server, the system is defaulting the permissions to 644. How do I get it so the permissions default to 660?

The second question is that when one of our employees places something in the customer's directory via SSH the server assigns it the userid and the primary group of the uploader? How do we get the system to use the parent directories owner and group instead of the uploaders? There are times when we need to place something in the customer's directory for them to retrieve.

The end result is that each customer has their own private directory that other customers can't access but our employees can. Both employees and customers should be able to create, delete, and modify the contents of the individual directories.

I have tried setting the setUID (chmod -R u+s /path to customer directory/customer directory) and setGID (chmod -R g+s /path to customer directory/customer directory)  bits but it is not doing what I expect them to do.
0
Comment
Question by:TimesNews
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
ropenner earned 2000 total points
ID: 34876904
umask for SFTP is the issue I think.  It may use root's umask so you can override that with the below:

change the Subsystem line in your sshd_config to this:

Subsystem sftp /bin/sh -c ‘umask 0002; /usr/libexec/openssh/sftp-server’

check for further explanations of setting up shells around sftp for umask
   http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions
0
 

Author Comment

by:TimesNews
ID: 34876911
Based on the documentation for sshd_config changing the subsystem will remove the in process sftp server and corresponding chroot jail. Since out customers will be access this system, chanigng the subsystem line to use the openssh sftp server is not an option.
0
 

Author Comment

by:TimesNews
ID: 34891683
It looks like the documentation for openssh was incorrect. The comment by ropenner worked.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question