UNIX File permissions when using STFP
I am perfomring PUT using SFTP (FTP with SSH), I require explicit file permissions on the landed file based on user and group of the destination host.
The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.
I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
The host destination is PUTing with a set of permissions although when the file arrives at the destination the permissions are reduced.
I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing.
ASKER
Which umask is coming into play here, where would the umask file be located ? what should it contain ? How would I apply the umask in order to test ?
all transfers will require the same permissions and a FTP script change will be tough to implement. Changing the umask will be easier, therefore......
Which umask is coming into play here, where would the umask file be located ? what should it contain ? How would I apply the umask in order to test ?
all transfers will require the same permissions and a FTP script change will be tough to implement. Changing the umask will be easier, therefore......
Which umask is coming into play here, where would the umask file be located ? what should it contain ? How would I apply the umask in order to test ?
Hi, you can set the umask value in the sshd_config using;
1. All users;
Subsystem sftp /usr/sbin/sftp-server -u 2
2. Or the 'Match group' stanza like;
Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2
You'll have to figure out your umask value needed based on the system default or such like.
I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.
Of course don't forget to stop/start the sshd to pick up the sshd_config changes.
Cheers, JP.
1. All users;
Subsystem sftp /usr/sbin/sftp-server -u 2
2. Or the 'Match group' stanza like;
Match Group <groupname>
ForceCommand /usr/sbin/sftp-server -u 2
You'll have to figure out your umask value needed based on the system default or such like.
I've used the 'Match User/Group' stanzas for a chroot SFTP jailing, but I've not had to alter any umask values.
Of course don't forget to stop/start the sshd to pick up the sshd_config changes.
Cheers, JP.
Hi,
popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.
The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).
So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
popesy's suggestion implies changing the sshd config on the target machine - I assumed that you didn't want to do that.
The umask in question is the default umask "022" on the target machine, which should not be changed globally, only by changing the configuration of the writer process (sftp server in this case).
So if you're allowed and willing to change the sshd configuration on the target machine follow popesy's suggestion (set "-u 7" to get the desired permissions), but if you don't want to touch the target server my suggestion is the way to go.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Neither the "sticky" bit nor the SUID or SGID bits for directories can influence permissions, only ownership.
May I ask you to explain your solution in detail?
May I ask you to explain your solution in detail?
ASKER
a sticky bit was applied to the directory where the file lands which provided the nesscary group membership in order for the onward processing to take place.
Ok, so far for the group ownership.
But you wrote in your question
>> when the file arrives at the destination the permissions are reduced <<
and
>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing. <<
Which way did you cope with these requirements?
But you wrote in your question
>> when the file arrives at the destination the permissions are reduced <<
and
>> I need the the gid 101 to have rwx
I need the user to have rwx
Eveyone else nothing. <<
Which way did you cope with these requirements?
ASKER
simple is best
sftp supports the chmod, chown and chgrp subcommands.
So you can do
sftp hostname
put /path/to/local/file /path/to/uploaded/file
chmod 770 /path/to/uploaded/file
Add chown/chgrp statements as needed.