HPE Community
Operating System - HP-UX
1824971 Members
3258 Online
109678 Solutions
New Discussion юеВ

Re: remsh/rcp umask issues

 
SOLVED
Go to solution
K. Lesperance
Advisor

тАО04-06-2009 12:28 PM

тАО04-06-2009 12:28 PM

remsh/rcp umask issues

Hi,

We're having an issue attempting to rcp a file from one system to another. When copying to any other system, the permissions are preserved, however, this one system keeps resetting them to 600 (source permissions are 644).

If we try a "remsh hostname -l userid "/usr/bin/umask", we're seeing the umask is set to 077, instead of 00.

We cannot figure out where this value is coming from. There is no umask setting in the user's .profile/.login (plus this seems to affect all users, not just specific ones), nor is there one in /etc/profile. umask is set to 022 in /sbin/rc. I've compared the umask setting in all of the scripts in /sbin/init.d/, and they are the same across working and non-working hosts.

Any help with this would be greatly appreciated. We're unable to simply use "rcp -p", as we have a compiled application with rcp hard-coded without the flag.

Thank you.
0 Kudos
16 REPLIES 16
OldSchool
Honored Contributor

тАО04-06-2009 12:46 PM

тАО04-06-2009 12:46 PM

Re: remsh/rcp umask issues

does the file already exist on the destination server? if so, and without the "-p", the "new" file retains the permissions of the existing file:


"If the -p option is not specified, rcp preserves the mode and owner of dest_file if it already exists;"
0 Kudos
Tingli
Esteemed Contributor

тАО04-06-2009 12:49 PM

тАО04-06-2009 12:49 PM

Re: remsh/rcp umask issues

How about have umask=022 in .profile?
0 Kudos
OldSchool
Honored Contributor

тАО04-06-2009 12:51 PM

тАО04-06-2009 12:51 PM

Re: remsh/rcp umask issues

also, what shell does the user have on the destination server? OS on that server?
0 Kudos
K. Lesperance
Advisor

тАО04-06-2009 12:57 PM

тАО04-06-2009 12:57 PM

Re: remsh/rcp umask issues

No, the file does not exist.

umask is not set in .profile/.login as I mentioned in my original post. Plus, those files should not be sourced by rcp, I don't think.

Source is HP-UX 11.11, Destination is 11.31. We're seeing this behaviour with /sbin/sh and /bin/ksh. I haven't looked into csh yet.

Thanks
0 Kudos
Patrick Wallek
Honored Contributor

тАО04-06-2009 01:50 PM

тАО04-06-2009 01:50 PM

Re: remsh/rcp umask issues

Check /etc/inetd.conf and see if any of the r-services have an option to specify the umask used.

I don't have an 11.31 system handy so I can't test that theory.
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО04-06-2009 08:23 PM

тАО04-06-2009 08:23 PM

Re: remsh/rcp umask issues

>If we try a "remsh hostname -l userid "/usr/bin/umask", we're seeing the umask is set to 077, instead of 00.

remsh doesn't execute ~/.profile.

Have you looked in these rc scripts:
/sbin/init.d/clean_adm
/sbin/init.d/hppcifddi
/sbin/init.d/inetd
/sbin/init.d/kmbuild
/sbin/init.d/secsh
/sbin/init.d/syslogd
0 Kudos
Suraj K Sankari
Honored Contributor

тАО04-06-2009 10:42 PM

тАО04-06-2009 10:42 PM

Re: remsh/rcp umask issues

Hi,

Yes remsh is not using .profile so in this case right a script which copy your file from source to destination and change the permission.

Suraj
0 Kudos
K. Lesperance
Advisor

тАО04-07-2009 05:35 AM

тАО04-07-2009 05:35 AM

Re: remsh/rcp umask issues

Patrick,

There's nothing in inetd.conf that's setting a umask. /sbin/init.d/inetd sets umask to 000, however, this is the same on both the working and non-working systems.

Dennis,

What am I looking for with these scripts? As I mentioned earlier, the umask value for is the same on every script on both working and non-working systems.

Suraj,

Writing a script is not an answer. As I said, we have a program that is copying these files over, and we cannot modify it. Aside from that, I'd rather solve this than work around it.
0 Kudos
Dennis Handly
Acclaimed Contributor

тАО04-07-2009 10:45 PM

тАО04-07-2009 10:45 PM

Re: remsh/rcp umask issues

>What am I looking for with these scripts? As I mentioned earlier, the umask value for is the same on every script on both working and non-working systems.

This at least gives the default or starting values. When I use remsh, my umask is 0.

If it is 77, there must be some other change.
What does your /etc/inetd.conf have for rlogin?
0 Kudos
K. Lesperance
Advisor

тАО04-08-2009 03:47 AM

тАО04-08-2009 03:47 AM

Re: remsh/rcp umask issues

Dennis,

those scripts all have the default values, the same as on the working hosts:

root # grep -i umask *
OVTrcSrv: (umask 002; /opt/OV/lbin/xpl/trc/ovtrcd)
clean_adm: mask=`umask`
clean_adm: umask 022
clean_adm: umask $mask
ems: UmaskValue=`umask`
ems: umask u=r,g=r,o=r
ems: umask $UmaskValue
ems: UmaskValue=`umask`
ems: umask u=r,g=r,o=r
ems: umask $UmaskValue
esm:umask 022
gwlmagt:umask 077
hpsmh:umask 002
hpsmh: umask 333
hpsmh: umask 002
inetd: mask=`umask`
inetd: umask 000
inetd: umask $mask
prngd.rc:umask 022
rstemsListener:umask 022
sec_mgmt:umask 077
spc:umask 077
syslog-ng: # Note. This umask is mostly paranoia. syslog-ng
syslog-ng: mask=`umask`
syslog-ng: umask 022 # u=rwx,g=rx,o=rx, disable group/other write
syslog-ng: umask $mask
syslogd: mask=`umask`
syslogd: umask 022
syslogd: umask $mask

inetd.conf has the following for remsh:

shell stream tcp6 nowait root /usr/lbin/remshd remshd
0 Kudos
Per Christensen_1
Advisor

тАО04-08-2009 04:22 AM

тАО04-08-2009 04:22 AM

Solution

Re: remsh/rcp umask issues

Hi

Nice one actually.
Apparently remshd on 11.31 does NOT use the UMASK setting i /etc/default/security as it says in man. Only way I can think of to change this behaviour is to make a change to /etc/pam.conf in the section Session Management by adding bypass_umask:

Before:
rcomds session required libpam_hpsec.so.1 bypass_limit_login

After:
rcomds session required libpam_hpsec.so.1 bypass_limit_login bypass_umask

Hope this helps you,
Have a nice Easter everyone.
Cheers
Per
0 Kudos
K. Lesperance
Advisor

тАО04-09-2009 05:48 AM

тАО04-09-2009 05:48 AM

Re: remsh/rcp umask issues

Pat,

I think you found it!

root # grep -i umask pam.conf
ftp session required libpam_hpsec.so.1 bypass_limit_login bypass_umask bypass_nologin
rcomds session required libpam_hpsec.so.1 bypass_limit_login bypass_umask

Thanks everyone!
0 Kudos
K. Lesperance
Advisor

тАО04-09-2009 06:01 AM

тАО04-09-2009 06:01 AM

Re: remsh/rcp umask issues

False alarm - one of my colleagues added that in to pam.conf, but it hasn't seemed to help. The umask is set to 077 regardless of whether or not we include "bypass_umask" in pam.conf.
0 Kudos
K. Lesperance
Advisor

тАО04-16-2009 09:02 AM

тАО04-16-2009 09:02 AM

Re: remsh/rcp umask issues

We've finally found the solution. It appears somebody manually started inetd, instead of using the script in /sbin/inetd. This caused inetd to inherit the umask of the session it was started as. Starting inetd with the init script has caused remsh/rcp to use the correct umask again.

Thanks for all the help.
0 Kudos
K. Lesperance
Advisor

тАО04-16-2009 09:03 AM

тАО04-16-2009 09:03 AM

Re: remsh/rcp umask issues

Restarted inetd using init script /sbin/init.d/inetd, instead of manually running /usr/sbin/inetd.
0 Kudos
Per Christensen_1
Advisor

тАО04-16-2009 11:47 PM

тАО04-16-2009 11:47 PM

Re: remsh/rcp umask issues

Hi K.
Great the problems is solved. Do you still have the umask setting in pam.conf ?
My tests showed that was the solution.
Just curious.
Cheers
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.