Operating System - HP-UX
1748272 Members
4221 Online
108760 Solutions
New Discussion юеВ

Re: File Permission Issue After SFTP

 
X0NET0
Advisor

File Permission Issue After SFTP

Hi Guys,

HP-UX 11.31

I have the following scenario:

Server A
- Database Server.

User XXX
- SFTP from PC to DB Server A with account XXX and group YYY.

Group YYY
- Group YYY is DBA group.

When user SFTP from local PC to DB Server A folder, the file permission assigned is 644 as shown below:
-rw-r--r-- xxx yyy filename

Previously, while the ftpd still enabled, I have the following umask for the ftpd as shown below:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -u 002

Since now I need to implement SFTP, I have disabled the ftpd line in /etc/inetd.conf.

How can I SFTP to the DB Server A using XXX:YYY with the file permission assigned as 664 instead of 644 after SFTP?

Thank you very much.

Regards,
SSL
9 REPLIES 9
Suraj K Sankari
Honored Contributor

Re: File Permission Issue After SFTP

Hi,

Now what is the permission showing after sftp to your server?

Suraj
Nido
Trusted Contributor

Re: File Permission Issue After SFTP

Hi SSL,

HPUX 11.31 should be running SSH Version A.05.xxx

Check the options in /opt/ssh/etc/sshd_config
#SftpUmask
#SftpPermitChmod yes
#SftpPermitChown yes


Thanks,
" Let Villagers Be Happy!! "
X0NET0
Advisor

Re: File Permission Issue After SFTP

Hi Suraj,
The permission is now 644 after SFTP to server.

Hi Ganesh,
I am using HP-UX Secure Shell A.04.70.023.
About the file that you asked me to check, I can't see any of those info in the file.
Kindly see attached file.

Thanks guys.

Regards,
SSL
Nido
Trusted Contributor

Re: File Permission Issue After SFTP

Hi SSL,

run ssh -v and see if you've support for Sftpfilecontrol patch.

Check this link: http://docs.hp.com/en/T1471-90032/T1471-90032.pdf (Support for the Sftpfilecontrol Patch)


If ssh -v outputs Sftpfilecontrol then I think you should be able to enable the above mentioned options.

p.s. I hate to say, currently I don't have test server to check it.

Thanks,
" Let Villagers Be Happy!! "
X0NET0
Advisor

Re: File Permission Issue After SFTP

Hi Ganesh,

The following is the output from ssh -v:

# ssh -v
OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17, OpenSSL 0.9.7m 23 Feb 2007
HP-UX Secure Shell-A.04.70.023, HP-UX Secure Shell version

I can't enable the /opt/ssh/etc/sshd_config with the following options because there is no such option inside the file unless I add them in manually. Can I do that ? If yes, for document internal documentation wise, which section should I add them in the sshd_config file ?
#SftpUmask
#SftpPermitChmod yes
#SftpPermitChown yes

Thanks.

Regards,
SSL
X0NET0
Advisor

Re: File Permission Issue After SFTP

Hi Guys,

I found out from a site that asked me to put in the following in the /opt/ssh/etc/sshd_config file.

# sftp-server umask control
SftpUmask 002

After that restart the secure shell service:
/sbin/init.d/secsh stop
/sbin/init.d/secsh start

From security point of view, is it fine to enable sftpumask 002 ?

Thanks.

Regards,
SSL
Suraj K Sankari
Honored Contributor

Re: File Permission Issue After SFTP

Hi,
what is the umask set at .profile?
edit umask value in .profile and check

>>How can I SFTP to the DB Server A using XXX:YYY with the file permission assigned as 664 instead of 644 after SFTP?

put umask 133 at your .profile and check

Suraj
Nido
Trusted Contributor

Re: File Permission Issue After SFTP

Hello SSL,

Is the provided solution working for you?

>>>>From security point of view, is it fine to enable sftpumask 002 ?
This question should only be evaluated by you, You had a question to have certain permission on the files after sftp :-)


>>>>put umask 133 at your .profile and check
No, Follow the sftp log file and you'll find that sftp checks the file creation time and sets the umask.

p.s. Please assign points if solution works :-)


Cheers!!
" Let Villagers Be Happy!! "
X0NET0
Advisor

Re: File Permission Issue After SFTP

Hi Guys,

I choose to go for the following:

Added the following to my /opt/ssh/etc/sshd_config file.

# sftp-server umask control
SftpUmask 002

Thanks anyway guys.

Regards,
SSL