HPE Community
Operating System - HP-UX
1823725 Members
3314 Online
109664 Solutions
New Discussion юеВ

different umask for ssh and telnet

 
Johannes Kamentz_3
Occasional Advisor

тАО02-28-2005 10:24 PM

тАО02-28-2005 10:24 PM

different umask for ssh and telnet

Hi folks,

on our systems I found an interesting effect with the login behaviour. There seems to be a difference in the umask output when logging on via ssh or telnet at least for the csh shell.

I varied the user shell from ksh to csh, logged in with ssh and telnet and verified the settings with the umask command:

In detail I found

user has csh:
umask 027 for ssh connection
umask 077 for telnet connection

user has ksh
umask 027 for ssh connection
umask 027 for telnet connection

As our general settings are as follows the behaviour for ksh are clear to me:

/sbin/rc umask 022
/etc/profile umask 027
/etc/csh.login no umask specified
$HOME/.cshrc no umask specified

Also in the sshd_config and telnetd config in the /etc/inetd.conf no umask settings are specified.

Can someone help me to understand, why the umask is 077 when logging on to the csh via telnet ?

Thanks in advance
Johannes
0 Kudos
8 REPLIES 8
RAC_1
Honored Contributor

тАО02-28-2005 11:54 PM

тАО02-28-2005 11:54 PM

Re: different umask for ssh and telnet

csh shell uses /etc/csh.login as a profile and then .login in user's home dir. Did you check these files to check they have some setting about umask. If not you can set global csh setting for umask in /etc/csh.login

Anil
There is no substitute to HARDWORK
0 Kudos
Steven E. Protter
Exalted Contributor

тАО03-01-2005 12:26 AM

тАО03-01-2005 12:26 AM

Re: different umask for ssh and telnet

The reason you are seeing these results is that the csh users use a different login profile than ksh. Whatever code in the files(noted in response one)may be portable to /etc/profile or .profile with some amount of work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Johannes Kamentz_3
Occasional Advisor

тАО03-01-2005 01:01 AM

тАО03-01-2005 01:01 AM

Re: different umask for ssh and telnet

Thanks for Your replies. The .login in the user $HOME and /etc/csh.login contain no umask settings. I could verify this behaviour also on other servers.

What is confusing to me is that there is a difference in the umask when logging in with ssh instead of telnet. But only for csh.

Where does this come from ?
0 Kudos
RAC_1
Honored Contributor

тАО03-01-2005 01:08 AM

тАО03-01-2005 01:08 AM

Re: different umask for ssh and telnet

What is the ssh version?? update to the latest available.

Anil
There is no substitute to HARDWORK
0 Kudos
Johannes Kamentz_3
Occasional Advisor

тАО03-01-2005 02:18 AM

тАО03-01-2005 02:18 AM

Re: different umask for ssh and telnet

We use ssh A.03.81.002.
But from my perspective with ssh I get the correct umask setting.

I do not understand where the 077 comes from when logging in via telnet to the csh.
0 Kudos
Bill Hassell
Honored Contributor

тАО03-01-2005 02:31 AM

тАО03-01-2005 02:31 AM

Re: different umask for ssh and telnet

Not having umask explicitly set (using the default) is not good at all as umask may be set to 000 which is a big security risk. Always edit /etc/profile, /etc/csh.login and the login profiles for any other shells to add an appropriate umask value. Relying on .cshrc, .profile, .bashrc, etc is not a good policy...users can change their local profiles so make sure there is an explicit umask.

NOTE: If you're using a workstation (and Xwindows/CDE) rather than a server, then the default is to bypass all Unix profiles. To restore normal Unix behavior, you can set the Xresource value *loginShell to true. Create a .Xdefaults file with:

echo "*loginShell:true" >> $HOME/.Xdefaults

Now all the terminal windows (xterm, hpterm, dtterm) will go through a normal login profile.


Bill Hassell, sysadmin
0 Kudos
Johannes Kamentz_3
Occasional Advisor

тАО03-03-2005 09:47 PM

тАО03-03-2005 09:47 PM

Re: different umask for ssh and telnet

Defined an umask in the /etc/csh.login now and with that I get always the same umask for a user with a csh, no matter if they use ssh or telnet.

Thanks for all Your inputs.
0 Kudos
Johannes Kamentz_3
Occasional Advisor

тАО03-03-2005 09:50 PM

тАО03-03-2005 09:50 PM

Re: different umask for ssh and telnet

got some valueable background information
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.