
Re: sftp setting umask issue

 
MikeL_4
Super Advisor

sftp setting umask issue

We are running Red Hat Version 5.7 on our servers...

 

I've set the subsystem sftp line in /etc/ssh/sshd_config.conf to set the umask for files being dropped on the server to permissions of 664

Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
and restarted sshd services afterwards..


However when I test it and do an sftp to the server I get connection closed:

-> sftp logftp0@apsclog1
Connecting to apsclog1...
Connection closed
[19:55:24] /home/.....
->

I remove the '-u 0002' from the Subsystem line, and sftp allows logins again via sftp..

 

The ultimate goal is that all files that are put onto the server via sftp have '664' permissions...


Can anyone tell me what I may be missing here ???

corydd
Occasional Contributor

Re: sftp setting umask issue

I had a slightly more complicated problem in that I had to use different umask settings depending on what user was connecting. I wrote a shell script that reads a configuration file to find the umask value, then calls the sftp systems.

 

/usr/local/jobs/ssh_wrapper ----------------------------------------

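#!/bin/ksh
# Wrapper for the sftp subsystem: sets a per-user umask taken from a
# configuration file, then runs sftp-server (or the command passed as arguments).

CFGFILE=$(dirname "$0")/$(basename "$0").cfg
LOG=0

if [[ -r $CFGFILE ]]
then
        # Logging is enabled by a "#$ LOG = 1" line in the configuration file.
        LOG=$(grep -Ec '^[[:space:]]*#\$[[:space:]]*LOG[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$CFGFILE")

        # Last line for this user: the name must be followed by whitespace and
        # an octal value, so "user1" does not also match "user10".
        LINE=$(grep -E "^[[:space:]]*${USER}[[:space:]]+[0-7]+" "$CFGFILE" | tail -n 1)
        if [[ -n $LINE ]]
        then
                UMASK=$(echo "$LINE" | awk '{print $2}')
                if [[ $LOG -gt 0 ]]
                then
                        logger "$USER: Setting umask to $UMASK ($0 $*)"
                fi
                umask "$UMASK"
        fi
fi

# With no arguments run the sftp server, otherwise run the given command.
if [[ $# -eq 0 ]]
then
        exec /opt/ssh/libexec/sftp-server
else
        exec "$@"
fi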
------------------------------------------------

The configuration file is named the same as the wrapper script, with a .cfg extension.  Here's an example:

------------------------------------------------

#$ LOG = 0
user1        0113
------------------------------------------------

 

If the LOG value is non-zero, the script calls logger to send messages to syslog.

 

The wrapper is configured in sshd_config:

Subsystem       sftp    /usr/local/jobs/ssh_wrapper
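
A stricter form of the configuration lookup that the wrapper performs, given here as an added example that is not part of the original post. It compares the user name as an exact string and rejects values that are not a 3 or 4 digit octal umask. The function names `lookup_umask` and `make_sample_cfg` and the sample entries are hypothetical.

```shell
#!/bin/sh
# Added example: look up a per-user umask in the wrapper's config format
# ("<user> <octal umask>" per line, lines starting with "#" ignored).

# lookup_umask USER CFGFILE  (hypothetical helper)
# Prints the umask from the last line whose first field equals USER exactly.
# Returns 1 if there is no entry, 2 if the value is not 3-4 octal digits.
lookup_umask() {
    user=$1
    cfg=$2
    [ -r "$cfg" ] || return 1
    # String comparison on the first field: "user1" never matches "user10",
    # and characters such as "." in a user name are not treated as regex.
    value=$(awk -v u="$user" \
        '$1 !~ /^#/ && ($1 "") == (u "") { v = $2 } END { print v }' "$cfg")
    [ -n "$value" ] || return 1
    case $value in
        *[!0-7]*) return 2 ;;   # contains a non-octal character
    esac
    case ${#value} in
        3|4) printf '%s\n' "$value" ;;
        *)   return 2 ;;
    esac
}

# make_sample_cfg  (hypothetical helper)
# Writes a constructed sample config to a temp file and prints its path.
make_sample_cfg() {
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
#$ LOG = 0
user1        0113
user10       0027
user1        0002
baduser      0999
EOF
    printf '%s\n' "$cfg"
}
```

In a wrapper this would be used as `UMASK=$(lookup_umask "$USER" "$CFGFILE") && umask "$UMASK"`, so a missing or malformed entry leaves the default umask in place.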