
permission issue after trusted system

 
zxcv
Super Advisor


Hi ,

 

I have a setup wherein I am using remsh from one box to another.

As soon as I converted box A and box B to trusted,

the file getting generated on box B using remsh from box A has only 600 permissions.

I tried setting umask 017 in both boxes' /etc/profile but the output is still the same.

 

Suggestions needed.

 

Thanks.

11 REPLIES

Re: permission issue after trusted system

>the file getting generated on box b using remsh from box a has only 600 permissions.

>I tried setting umask 017 in both boxes /etc/profile but output still the same.

 

umask permissions for remsh probably come from inetd(1m) and not /etc/profile.

Have you looked in /etc/rc.config.d/* or /etc/inetd.conf?

 

Also, if it comes from inetd(1m), you will need to restart that daemon with:

inetd -k

inetd

Or maybe better:

/sbin/init.d/inetd stop

/sbin/init.d/inetd start

zxcv
Super Advisor

Re: permission issue after trusted system

Hi Dennis ,

 

In /etc/inetd.conf I have:

 

kshell stream tcp nowait root /usr/lbin/remshd remshd -K

 

Where am I supposed to make that umask entry?

zxcv
Super Advisor

Re: permission issue after trusted system

Hi Dennis ,

I am using both ssh and remsh.

For remsh I found it's /etc/default/security.

For ssh I think it should be the sshd_config file, right?

 

rariasn
Honored Contributor

Re: permission issue after trusted system

Hi:

 

man inetd

 

The Internet daemon and the servers it starts inherit the LANG and TZ environment variables and the umask of the process that started inetd. If inetd is started by the superuser, it inherits the superuser's umask, and passes that umask to the servers it starts.

 

 

# umask 017

# inetd -k

# inetd

 

Verify 'umask' entry in /sbin/init.d/inetd file

 

rgs,

 

 

Re: permission issue after trusted system

>for ssh I think should be sshd_config file right?

 

Yes, that's what I saw.

 

>Verify 'umask' entry in /sbin/init.d/inetd file

 

On an untrusted system, I saw it set to 000.

zxcv
Super Advisor

Re: permission issue after trusted system

Hi Rariasn,

I tried after editing that entry in /sbin/init.d/inetd but still the same permissions.

Box A contains an ssh passwordless script which logs in to box B (trusted) and creates a file with 600 permissions; I want it to be 644.

zxcv
Super Advisor

Re: permission issue after trusted system

Hi Dennis ,

Then what entry is to be edited in sshd_config related to umask?

Re: permission issue after trusted system

>Then what entry to be edited in sshd_config related to umask.

 

Oops, wrong file.  There is SftpUmask in /opt/ssh/etc/sshd_config.

 

But my file was /etc/rc.config.d/sshd:

There should be a variable with UMASK in it:

SSHD_UMASK=000 # The acceptable values of ...

zxcv
Super Advisor

Re: permission issue after trusted system

Hi Dennis ,

 

No entry with UMASK variable.

Solution

Re: permission issue after trusted system

Am I missing something here? Why don't you just alter your script to set umask on box B explicitly right before you create the file? Or just chmod it after you created it?


HTH

Duncan
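
The two options in the reply above, as an added example that is not code from any poster in this thread. It assumes the remote command inherits a umask of 077 (which yields the 600 files described), uses a local `sh -c` child to stand in for the shell that remshd or sshd starts, and uses constructed names (`report.out`, `run_case`). Setting the umask inside the command scopes the change to that one command instead of loosening the daemon-wide value.

```shell
#!/bin/sh
# Added example. A local "sh -c" child stands in for the shell that remshd or
# sshd starts for a remote command: it is non-interactive, so /etc/profile is
# not read and the umask is simply inherited from the parent process.

# Permission string of a file (first 10 chars of ls -l, e.g. -rw-r--r--).
perm_of() {
    ls -l "$1" | awk '{ print substr($1, 1, 10) }'
}

# Run command string $2 in a fresh scratch directory under an assumed
# inherited umask of 077, then print the mode of the file $1 it created.
run_case() {
    dir=$(mktemp -d) || return 1
    ( umask 077; cd "$dir" && sh -c "$2" )
    perm_of "$dir/$1"
    rm -rf "$dir"
}

# 1. Nothing set in the command: the inherited umask decides (600).
inherited_case() {
    run_case report.out 'echo data > report.out'
}

# 2. umask set explicitly right before the file is created (644).
explicit_umask_case() {
    run_case report.out 'umask 022; echo data > report.out'
}

# 3. File created under the inherited umask, then widened with chmod (644).
chmod_case() {
    run_case report.out 'echo data > report.out; chmod 644 report.out'
}

# 4. The explicit umask stays inside the child; the caller's is untouched.
parent_umask_unchanged() {
    before=$(umask)
    explicit_umask_case >/dev/null
    [ "$(umask)" = "$before" ]
}

printf 'inherited umask only : %s\n' "$(inherited_case)"
printf 'umask 022 in command : %s\n' "$(explicit_umask_case)"
printf 'chmod 644 afterwards : %s\n' "$(chmod_case)"
```

With the chmod variant the file exists briefly with the inherited mode before it is widened; with the umask variant it is created with the intended mode from the start.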
zxcv
Super Advisor

Re: permission issue after trusted system

Hi Duncan ,

You were spot on.

I just edited that script to add umask line.

 

Thank you very much.