Solved

UNIX File permissions when using STFP

Posted on 2013-11-25
9
727 Views
Last Modified: 2013-12-02
I am perfomring PUT using SFTP (FTP with SSH), I require explicit file permissions on the landed file based on user and group of the destination host.

The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.

I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
0
Comment
Question by:Nicenchrisp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39675249
Your issue might be due to the remote umask modifying the permissions.

sftp supports the chmod, chown and chgrp subcommands.

So you can do

sftp hostname
put /path/to/local/file /path/to/uploaded/file
chmod 770 /path/to/uploaded/file


Add chown/chgrp statements as needed.
0
 

Author Comment

by:Nicenchrisp
ID: 39676955
Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?

all transfers will require the same permissions and a FTP script change will be tough to implement.  Changing the umask will be easier, therefore......

Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?
0
 
LVL 4

Expert Comment

by:popesy
ID: 39677188
Hi, you can set the umask value in the sshd_config using;

1. All users;

Subsystem       sftp    /usr/sbin/sftp-server -u 2

2. Or the 'Match group' stanza like;

Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2

You'll have to figure out your umask value needed based on the system default or such like.

I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.

Of course don't forget to stop/start the sshd to pick up the sshd_config changes.

Cheers, JP.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39677401
Hi,

popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.

The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).

So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
0
 

Accepted Solution

by:
Nicenchrisp earned 0 total points
ID: 39680669
ALL,

Solved by using a sticky bit !
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39680682
Neither the "sticky" bit nor the SUID or SGID bits for directories can influence permissions, only ownership.

May I ask you to explain your solution in detail?
0
 

Author Comment

by:Nicenchrisp
ID: 39680929
a sticky bit was applied to the directory where the file lands which provided the nesscary group membership in order for the onward processing to take place.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39681276
Ok, so far for the group ownership.

But you wrote in your question

>> when the file arrives at the destination the permissions are reduced <<

and

>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.  <<

Which way did you cope with these requirements?
0
 

Author Closing Comment

by:Nicenchrisp
ID: 39689434
simple is best
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guacamole cut and paste issue 3 115
Putty serial connect in windows 10 won't work 7 1,197
What are recommended OS for exim mail server? 10 119
Linux "time" command output redirection 16 217
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Installing FreeBSD… FreeBSD is a darling of an operating system. The stability and usability make it a clear choice for servers and desktops (for the cunning). Savvy?  The Ports collection makes available every popular FOSS application and packag…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question