Solved

UNIX File permissions when using STFP

Posted on 2013-11-25
9
718 Views
Last Modified: 2013-12-02
I am perfomring PUT using SFTP (FTP with SSH), I require explicit file permissions on the landed file based on user and group of the destination host.

The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.

I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
0
Comment
Question by:Nicenchrisp
  • 4
  • 4
9 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39675249
Your issue might be due to the remote umask modifying the permissions.

sftp supports the chmod, chown and chgrp subcommands.

So you can do

sftp hostname
put /path/to/local/file /path/to/uploaded/file
chmod 770 /path/to/uploaded/file


Add chown/chgrp statements as needed.
0
 

Author Comment

by:Nicenchrisp
ID: 39676955
Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?

all transfers will require the same permissions and a FTP script change will be tough to implement.  Changing the umask will be easier, therefore......

Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?
0
 
LVL 4

Expert Comment

by:popesy
ID: 39677188
Hi, you can set the umask value in the sshd_config using;

1. All users;

Subsystem       sftp    /usr/sbin/sftp-server -u 2

2. Or the 'Match group' stanza like;

Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2

You'll have to figure out your umask value needed based on the system default or such like.

I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.

Of course don't forget to stop/start the sshd to pick up the sshd_config changes.

Cheers, JP.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39677401
Hi,

popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.

The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).

So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
0
 

Accepted Solution

by:
Nicenchrisp earned 0 total points
ID: 39680669
ALL,

Solved by using a sticky bit !
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39680682
Neither the "sticky" bit nor the SUID or SGID bits for directories can influence permissions, only ownership.

May I ask you to explain your solution in detail?
0
 

Author Comment

by:Nicenchrisp
ID: 39680929
a sticky bit was applied to the directory where the file lands which provided the nesscary group membership in order for the onward processing to take place.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39681276
Ok, so far for the group ownership.

But you wrote in your question

>> when the file arrives at the destination the permissions are reduced <<

and

>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.  <<

Which way did you cope with these requirements?
0
 

Author Closing Comment

by:Nicenchrisp
ID: 39689434
simple is best
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Parsing a file using ksh 10 64
Skill Development 15 176
Most secure Linux or x86 Unix that are least prone to ransomware/malware 24 111
Solaris 4.1.3 cloning and booting 13 77
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
We all know how boring and exhausting it is to transfer huge web projects developed locally to a webserver simply via FTP. The File Transfer Protocol is a really nice solution if you need to transfer small amounts of files, but if you're plannin…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question