Solved

UNIX File permissions when using STFP

Posted on 2013-11-25
9
730 Views
Last Modified: 2013-12-02
I am perfomring PUT using SFTP (FTP with SSH), I require explicit file permissions on the landed file based on user and group of the destination host.

The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.

I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
0
Comment
Question by:Nicenchrisp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39675249
Your issue might be due to the remote umask modifying the permissions.

sftp supports the chmod, chown and chgrp subcommands.

So you can do

sftp hostname
put /path/to/local/file /path/to/uploaded/file
chmod 770 /path/to/uploaded/file


Add chown/chgrp statements as needed.
0
 

Author Comment

by:Nicenchrisp
ID: 39676955
Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?

all transfers will require the same permissions and a FTP script change will be tough to implement.  Changing the umask will be easier, therefore......

Which umask is coming into play here, where would the umask file be located ?  what should it contain ? How would I apply the umask in order to test ?
0
 
LVL 4

Expert Comment

by:popesy
ID: 39677188
Hi, you can set the umask value in the sshd_config using;

1. All users;

Subsystem       sftp    /usr/sbin/sftp-server -u 2

2. Or the 'Match group' stanza like;

Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2

You'll have to figure out your umask value needed based on the system default or such like.

I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.

Of course don't forget to stop/start the sshd to pick up the sshd_config changes.

Cheers, JP.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39677401
Hi,

popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.

The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).

So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
0
 

Accepted Solution

by:
Nicenchrisp earned 0 total points
ID: 39680669
ALL,

Solved by using a sticky bit !
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39680682
Neither the "sticky" bit nor the SUID or SGID bits for directories can influence permissions, only ownership.

May I ask you to explain your solution in detail?
0
 

Author Comment

by:Nicenchrisp
ID: 39680929
a sticky bit was applied to the directory where the file lands which provided the nesscary group membership in order for the onward processing to take place.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39681276
Ok, so far for the group ownership.

But you wrote in your question

>> when the file arrives at the destination the permissions are reduced <<

and

>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.  <<

Which way did you cope with these requirements?
0
 

Author Closing Comment

by:Nicenchrisp
ID: 39689434
simple is best
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question