
permission strange Issue

itrc55
Regular Advisor

permission strange Issue

 Hi,

 

I enabled trusted mode on all HP servers (11.31) without problem, but when I copy a file or directory from one server to another using the sftp command, the permission on the destination server is different from the source server ??!

And when I disable trusted mode on the destination server, the permission is the same as on the source.

 

How can I resolve this issue with trusted mode enabled?

 

Thanks

14 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue

Hi:

 

By default, Trusted mode provides a more secure 'umask'.  You can "loosen" the security by choosing a different 'umask' in '/etc/default/security' (globally or system-wide) and/or in '/var/adm/userdb' for changing on a per-user basis.  See the 'security(4)' and the 'userdb(4)' manpages for more information.

 

Regards!

 

...JRF...

itrc55
Regular Advisor

Re: permission strange Issue

Hi,

 

What is the best umask value to avoid the permission changing when copying a file from one system to another?

Please, I need an answer because it's a very urgent case.

 

The current value is 0 and the range is 0 - 511.

I tried changing it to 331, for example, and this is the result: r-- --- ---

 

Please support.

 

Thanks

James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue


itrc55 wrote:

What is the best umask value to avoid the permission changing when copying a file from one system to another?



Keeping the 'umask' the same on your systems is one way.  Using 'scp -p' is another.

 

Regards!

 

...JRF...

itrc55
Regular Advisor

Re: permission strange Issue

Hi,

Thanks for your support; the -p option is working with the scp command. But in my case another system pushes more files to the HP-UX system using the sftp command. How can I resolve this issue? All systems have the same umask, 0.

Thanks again
James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue


itrc55 wrote:

Thanks for your support; the -p option is working with the scp command. But in my case another system pushes more files to the HP-UX system using the sftp command. How can I resolve this issue? All systems have the same umask, 0.


You should also be able to do this more directly by specifying 'chmod' in the SFTP session dialog you specify.

 

Regards!

 

...JRF...

itrc55
Regular Advisor

Re: permission strange Issue

Hi,

 

"You should also be able to do this more directly by specifying 'chmod' in the SFTP session dialog you specify."

 

But as I said before, the source system pushes its files by the sftp command with 755 permission (example), but the permission on the destination system is always 700 when trusted mode is enabled.

 

Is there any solution for that?

 

Thanks

James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue


itrc55 wrote:

But as I said before, the source system pushes its files by the sftp command with 755 permission (example), but the permission on the destination system is always 700 when trusted mode is enabled.

Is there any solution for that?


Do (by example):

 

# sftp ...

> put /path/to/file

> chmod 555 /path/to/file

 

Like all good software you can always ask 'sftp' for help by typing "help" after establishing a connection.

 

Regards!

 

...JRF...

Dennis Handly
Acclaimed Contributor

Re: permission strange Issue

> chmod 555 /path/to/file

 

I assume you are now implying that "scp -p" won't help?

Earl_Crowder
Trusted Contributor

Re: permission strange Issue

If you cannot change the scripts that are sftp-ing to your host, you can touch the file "/etc/default/BYPASS_TRUSTED_SYSTEM_UMASK_RESTRICTIONS" .  You need patch PHCO_39232 for 11.31 (or later) to enable this functionality.

 

Beware the security implications of doing this.

James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue


Dennis Handly wrote:

> chmod 555 /path/to/file

 

I assume you are now implying that "scp -p" won't help?


This was in response to the OP saying that some transfers were with 'scp' and some with 'sftp' (for whatever reason(s)).

 

Regards!

 

...JRF...

itrc55
Regular Advisor

Re: permission strange Issue

Hi,

 

From where can I download this patch "PHCO_39232" for the 11.31 version?

 

Note: the source system is auto-generating files with 755 permission to the destination system, where I see them with 700 permission.

 

Thanks for your support

Dennis Handly
Acclaimed Contributor

Re: permission strange Issue

>from where can I download this patch PHCO_39232 for 11.31 version.

 

Where you get the rest of the patches, the HPSC: 11.31 libpam_hpsec cumulative patch

The recommended patch is PHCO_41859.

itrc55
Regular Advisor

Re: permission strange Issue

Hi,

 

Thanks, my problem is resolved now by installing the PHCO_41859 patch and touching this file:

"/etc/default/BYPASS_TRUSTED_SYSTEM_UMASK_RESTRICTIONS"

 

Thanks, I won't forget the points, but I'm waiting for a good answer to this question:

 

But what is meant by "Beware the security implications of doing this."?

 

Thanks again

 

James R. Ferguson
Acclaimed Contributor

Re: permission strange Issue


itrc55 wrote:

Thanks, my problem is resolved now by installing the PHCO_41859 patch and touching this file:

"/etc/default/BYPASS_TRUSTED_SYSTEM_UMASK_RESTRICTIONS"

 

But what is meant by "Beware the security implications of doing this."?

 


You are reducing (a bit) the security of files and directories that are created from what a normal Trusted system would establish; no more, no less.

 

The Technical Knowledge Base has an article describing this in more detail:

 

Title: HP-UX 11i Security - Ability to Change Login UMASK on Trusted Systems from Default 077 with General Release Patches for HP-UX 11.23 and HP-UX 11.31

Document ID: emr_na-c01683323-3

Regards!

 

...JRF...
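
Added example (not part of the thread, and not HP code): the 755-to-700 change reported above is exactly what a 077 umask produces, shown here both as arithmetic and on directories actually created under each mask, followed by a check that lists entries carrying any group/other bit, which is what to review in an upload directory once the umask restriction is relaxed. The function names, the 022 comparison value and the temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not from the thread. All paths are constructed under a
# temporary directory; assumes a POSIX shell with mktemp -d available.

# masked_mode REQUESTED UMASK: mode actually granted, i.e. requested & ~umask.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# perms PATH: first 10 characters of the ls -l mode string (no stat(1) needed).
perms() {
    ls -ld "$1" | cut -c1-10
}

# make_dir_under UMASK PATH: create PATH as a process running with UMASK would.
# mkdir requests 0777, so the result shows the mask directly. The subshell
# body keeps the umask change from leaking into the caller.
make_dir_under() (
    umask "$1"
    mkdir "$2"
)

# loose_entries DIR: list entries below DIR carrying any group/other bit,
# i.e. anything a 077 umask could not have produced without a later chmod.
loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

demo() {
    work=$(mktemp -d) || return 1
    make_dir_under 077 "$work/strict"    # default named in the KB article title
    make_dir_under 022 "$work/relaxed"   # comparison value (assumption)
    echo "755 requested, umask 077 -> $(masked_mode 755 077)"
    echo "strict : $(perms "$work/strict")"
    echo "relaxed: $(perms "$work/relaxed")"
    echo "entries with group/other access:"
    loose_entries "$work"
    rm -rf "$work"
}

demo
```
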