Solved

UNIX File permissions when using STFP

Posted on 2013-11-25
9
706 Views
Last Modified: 2013-12-02
I am perfomring PUT using SFTP (FTP with SSH), I require explicit file permissions on the landed file based on user and group of the destination host.

The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.

I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
0
Comment
Question by:Nicenchrisp
  • 4
  • 4
9 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39675249
Your issue might be due to the remote umask modifying the permissions.

sftp supports the chmod, chown and chgrp subcommands.

So you can do

sftp hostname
put /path/to/local/file /path/to/uploaded/file
chmod 770 /path/to/uploaded/file


Add chown/chgrp statements as needed.
0
 

Author Comment

by:Nicenchrisp
ID: 39676955
Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?

all transfers will require the same permissions and a FTP script change will be tough to implement.  Changing the umask will be easier, therefore......

Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?
0
 
LVL 4

Expert Comment

by:popesy
ID: 39677188
Hi, you can set the umask value in the sshd_config using;

1. All users;

Subsystem       sftp    /usr/sbin/sftp-server -u 2

2. Or the 'Match group' stanza like;

Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2

You'll have to figure out your umask value needed based on the system default or such like.

I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.

Of course don't forget to stop/start the sshd to pick up the sshd_config changes.

Cheers, JP.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39677401
Hi,

popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.

The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).

So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Accepted Solution

by:
Nicenchrisp earned 0 total points
ID: 39680669
ALL,

Solved by using a sticky bit !
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39680682
Neither the "sticky" bit nor the SUID or SGID bits for directories can influence permissions, only ownership.

May I ask you to explain your solution in detail?
0
 

Author Comment

by:Nicenchrisp
ID: 39680929
a sticky bit was applied to the directory where the file lands which provided the nesscary group membership in order for the onward processing to take place.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39681276
Ok, so far for the group ownership.

But you wrote in your question

>> when the file arrives at the destination the permissions are reduced <<

and

>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.  <<

Which way did you cope with these requirements?
0
 

Author Closing Comment

by:Nicenchrisp
ID: 39689434
simple is best
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now