HPE Community
Operating System - HP-UX
1823750 Members
3934 Online
109664 Solutions
New Discussion юеВ

Re: umask of SSH

 
SOLVED
Go to solution
kcw
Advisor

тАО08-10-2008 11:00 PM

тАО08-10-2008 11:00 PM

umask of SSH

Hi all,
I am new to HP-UX admin and i have a question. When I telnet to a HP-UX machine (11iv2) and touch a file or create a directory, the umask is 666 and 777 respectively. However, the umask is 644 and 755 (file and directory)when i use ssh to that machine. Is there any way to config the umask for ssh so that it will become 666 and 777?? Many thanks

Best Regards
KCW
0 Kudos
Reply
7 REPLIES 7
Dennis Handly
Acclaimed Contributor

тАО08-10-2008 11:26 PM

тАО08-10-2008 11:26 PM

Re: umask of SSH

>touch a file or create a directory, the umask is 666 and 777 respectively.

You are confused, there is one umask and its value is the negation, 000.

>the umask is 644 and 755

So it is 022.

>become 777

So you want umask to be 000.
Reply
kcw
Advisor

тАО08-10-2008 11:45 PM

тАО08-10-2008 11:45 PM

Re: umask of SSH

Hi Dennis
Thank you very much for your prompt and useful reply. I tried to config the umask by using the following command: "#umask 000" and it success to create a file with umask 666 and directory with 777.
However, I found that everytime I "ssh" to that machine, I still need to do "#umask 000" so that I can touch a file as 666 and directory as 777. My question is: can we set the umask so that everytime it can be umask 000 when we ssh to that machine??? Many thanks for your help

Best Regards
KCW
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО08-11-2008 12:09 AM

тАО08-11-2008 12:09 AM

Re: umask of SSH

Shalom

For security reasons SFTP and SCP for certain will not permit a umask of 777

Giving a default of full read write execute is a very bad thing to do, making it easy to compromise a machine.

I would not be surprised if openssh which is supposed to be a secure connection product will not permit this to occur.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Kenan Erdey
Honored Contributor

тАО08-11-2008 12:11 AM

тАО08-11-2008 12:11 AM

Solution

Re: umask of SSH

Hi,

umask setting is in /etc/profile or in the .profile file in users' home directory. if you can add a line umask 000 in .profile file. But why do you want to change umask setting to this unsecure one ?

Kenan.
Computers have lots of memory but no imagination
Reply
Dennis Handly
Acclaimed Contributor

тАО08-11-2008 12:16 AM

тАО08-11-2008 12:16 AM

Re: umask of SSH

>can we set the umask so that every time it can be umask 000 when we ssh to that machine?

The first thread talks about umask and ssh. But it says SftpUmask. There may be another parm for just ssh.
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1243033
http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1256138
Reply
kcw
Advisor

тАО08-11-2008 01:00 AM

тАО08-11-2008 01:00 AM

Re: umask of SSH

Hi Kenan,
Problem solved by adding "umask 000" in .profile, many thanks. Because those machines are in trusted mode and same security inner zone, thats why the programmer would like to do the 666 and 777 for the umask value.

-> SEP and Dennis: thanks for your help, appreciate your efforts :)

Best Regards
KCW
0 Kudos
Reply
Sp4admin
Trusted Contributor

тАО08-11-2008 05:04 AM

тАО08-11-2008 05:04 AM

Re: umask of SSH

Hi Kcw,

Sometimes when we change the ssh2_config file we stop the sshd deamon then we do a umask 0000 at this point we restart the sshd and the umask is set correctly.

Hope this helps!
Sp,
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.