Operating System - HP-UX
1839248 Members
2153 Online
110137 Solutions
New Discussion

Re: umask and ftp permissions

 
SOLVED
Go to solution
Joe Profaizer
Super Advisor

umask and ftp permissions

We have a user setup with umask set in their .profile to 003. When files are created by this user its permissions look like:

-rw-rw-r-- 1 fsadmstl psofthr 0 Oct 3 09:27 a

When using ftp on windows 2k to transfer files to this unix machine as this user all the files are created as:

-rw-r----- 1 fsadmstl psofthr 594 Oct 3 09:22 uw.tbs

We'd like to have the files created with the same permissions whether they're logging in to the unix box or ftp'ing from a remote windows 2k box.
How do you make this happen?
15 REPLIES 15
Dietmar Konermann
Honored Contributor

Re: umask and ftp permissions

Try changing the default umask of ftpd using it's -u option in /etc/inetd.conf. See man ftpd(1M).
"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
Joe Profaizer
Super Advisor

Re: umask and ftp permissions

Is there a way to change on a per user basis instead of a global ftpd uname?
Dietmar Konermann
Honored Contributor
Solution

Re: umask and ftp permissions

Hi!

That depends on the HP-UX revision you are using. Beginnig with 11.00 + PHNE_14479 you have a lot of more config options via the ftpaccess(4) file, see the man page for this, especially the examples at the end.

Regards...
Dietmar.

"Logic is the beginning of wisdom; not the end." -- Spock (Star Trek VI: The Undiscovered Country)
Phillip Renner
Advisor

Re: umask and ftp permissions

Hi there,

The default umask for ftp is 027 and I don't think there is a way to change that. However, you can open your ftp session then enter "umask 002" (or whatever value you want) to change to umask for that ftp session.
Rory R Hammond
Trusted Contributor

Re: umask and ftp permissions

Try editing /etc/inetd.conf
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -L -v -u 122

the -u option is the default umask. Change to what you need

good luck
There are a 100 ways to do things and 97 of them are right
Jeff Schussele
Honored Contributor

Re: umask and ftp permissions

Hi Joe,

Yrs, there's a way to do this on an individual user basis.
Using the /etc/ftpd/ftpacces file you can insert a line as follows:

upload /home/username /path/to/upload/dir yes username groupname 0664

Syntax as follows:
1) upload - function
2) user's defined home dir
3) dir where user will be placing files
4) yes - uploads permitted
5) owner of file uploaded (may be diff than user)
6) same as above for group ownership
7) perms automatically placed on file

As you can see it's the last field that gives you this control. Also note that the 3rd field narrows this statement down to ONLY files coming into THAT dir. If user places in other dirs - you'll need mult statements. The second field narrows it down to the user with THAT dir defined as /home/dir
And as stated earlier this is available on 11.0 & above.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Joe Profaizer
Super Advisor

Re: umask and ftp permissions

Modified /etc/inetd.conf to contain ftpd -a
We found out we needed the "-a" to use /etc/ftpd/ftpaccess file

Reloaded inetd config file inetd -c

Put entry in /etc/ftpd/ftpaccess

Tried remote ftp from Windows 2k for different users and received "530 User access denied' for every user that used to be able to ftp before. Where is a valid user on the HP box.

What are we missing?
Jeff Schussele
Honored Contributor

Re: umask and ftp permissions

Few things to check.

1) Make sure these users are NOT listed in the /etc/ftpd/ftpusers file as this is a list of users NOT allowed to ftp.

2) Check /var/adm/inetd.sec for any denies that would prevent ftp access for these users by hostname or subnet.

3) Make sure the users have a PW - it must not be null.

4) IF you have an /etc/shells file, the user's shell (full path) MUST be listed in it.

5) Use ftpd -l -a in inetd.conf as the -l will give more logging info. Should help debugging the problem.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Joe Profaizer
Super Advisor

Re: umask and ftp permissions

Checked all that out as we had the -l -a option in the inetd.conf. Nothing showed up in /var/adm/syslog/syslog.log that was worthwhile.

Anywhere else we should look?

..Joe
Jeff Schussele
Honored Contributor

Re: umask and ftp permissions

Do you have a class statement in the ftpaccess file?

If not, all users will be denied.

Should look like

class all real,guest,anonymous *


HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Joe Profaizer
Super Advisor

Re: umask and ftp permissions

That did the trick Jeff.

Thanks!!
Joe Profaizer
Super Advisor

Re: umask and ftp permissions

We are trying to allow certain ftp users to access only a specific directory on our Unix box and giving these users a specific umask. The way we are setting this up is by putting an entry in /etc/passwd for this user to change its root directory and using ftpaccess for umask:

Here is the /etc/passwd entry:

psoftp:*:146:113:Psoft ftp test acct,,,:/opt/appserver/psftfsdm/finstl/rga/./dat:/usr/bin/ksh


Here is our ftpaccess file:

class all real,guest,anonymous *

upload /opt/appserver/psftfsdm/finstl/rga/dat /opt/appserver/psftfsdm/finstl/rga/dat yes fsadmstl psofthr 0440

We are able to successfully login via ftp and the home directory is set. While in the ftp session when we execute cd / it takes it to the root directory and not the /opt/appserver/psftfsdm/finstl/rga directory as specified in the /etc/passwd file. Can you help?
Jeff Schussele
Honored Contributor

Re: umask and ftp permissions

Hi (again) Joe,

Immediately after connecting do a pwd - what dir are they in?

Should be that home dir you specified.
If so, no cd / should be required...then there's a way to keep them from moving....I'll have to look that up.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
John Poff
Honored Contributor

Re: umask and ftp permissions

Hi Joe,

I setup something similar to this on a Linux box, and I'm getting ready to do it on an HP-UX system. I setup a group called 'ftpusers' in /etc/group and put all the ftp users in there that I wanted chroot'd to their ftp login directory. Then, in ftpaccess, I did:

class ftpusers guest *
guestgroup ftpusers

They login via ftp and get chroot'd to the directory in their /etc/passwd entry.

I hope that helps a little.

JP


Joe Profaizer
Super Advisor

Re: umask and ftp permissions


We'vd setup a Unix user account with the intention of this user only being able to ftp data to the Unix machine. The account looks like this in /etc/passwd:

psoftp:*:146:113:Psoft ftp test acct,,,:/opt/appserver/psftfsdm/finstl/rga/./dat:/usr/bin/false

We also needed the files that this user ftp'd to have a different owner and group other than this user's so we were using ftpaccess to do this. The /etc/ftpd/ftpaccess file looks like this:

class all real,guest,anonymous *

guestgroup psoftp

upload /opt/appserver/psftfsdm/finstl/rga/dat /opt/appserver/psftfsdm/finstl/rga/dat yes fsadmstl psofthr 0440


We've also changed /etc/inetd.conf to use fptd -l -a and used inetd -c to refresh the configuration which looks like this:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l -a


After ftp'ing a file using the psoftp userid to the Unix machine the file's permissions look like this in directory /opt/appserver/psftfsdm/finstl/rga/dat:

-rw-r----- 1 psoftp psoftp 20 Mar 5 12:50 webservicedesk.txt

We are wanting it to be:


-rw-r----- 1 fsadmstl psofthr 20 Mar 5 12:50 webservicedesk.txt


We're pretty sure this was working at one time. Can anyone see where we're going wrong?