HPE Community
Operating System - Tru64 Unix
1827283 Members
3444 Online
109717 Solutions
New Discussion

Tru64 SSH2 umask problemٍٍ

 
SOLVED
Go to solution
Osama Ahmed
Advisor

‎05-07-2006 10:21 PM

‎05-07-2006 10:21 PM

Tru64 SSH2 umask problemٍٍ

Hi,
I have a TruCluster system (5.1B PK5)where files uploaded to using sftp. The file uploaded did not get the umask value of the user account used to upload the files. The uploaded files always takes
permissions 600 !! It looks like a limitation to the SSH2 Server on the Tru64 machine.

Anyone had any experience with SSH2, any work arounds there to solve this problem ?

We can't use OpenSSH as some Cluster utilities/Advfs Utilities did not work with OpenSSH.

Please Help
0 Kudos
13 REPLIES 13
Ivan Ferreira
Honored Contributor

‎05-08-2006 01:55 AM

‎05-08-2006 01:55 AM

Re: Tru64 SSH2 umask problemٍٍ

If sftp is enabled, probably you can use scp. Using scp -p may help.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Osama Ahmed
Advisor

‎05-08-2006 05:45 PM

‎05-08-2006 05:45 PM

Re: Tru64 SSH2 umask problemٍٍ

Ivan,
I can't control the upload process as another company. They just use sftp.

My question:
- Is sftp login make use of the user profile ? i.e: Can I execute a shell script in user profile upon login to change the ownership ?

Thanks
0 Kudos
Ivan Ferreira
Honored Contributor

‎05-09-2006 01:47 AM

‎05-09-2006 01:47 AM

Re: Tru64 SSH2 umask problemٍٍ

No, you cant. The sftp command is does not have too many options. I suggested scp because normally, ssh, scp ans sftp are available if you open port 22 on the firewall.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Vladimir Fabecic
Honored Contributor

‎05-09-2006 01:52 AM

‎05-09-2006 01:52 AM

Re: Tru64 SSH2 umask problemٍٍ

Hello
Are you using advanced security?
In that case default umask should be 077, I think.
In vino veritas, in VMS cluster
0 Kudos
Ann Majeske
Honored Contributor

‎05-09-2006 06:03 AM

‎05-09-2006 06:03 AM

Re: Tru64 SSH2 umask problemٍٍ

Why don't you just create a script to change the file permissions the way you want and set it to run periodically from cron?
0 Kudos
Osama Ahmed
Advisor

‎05-09-2006 06:03 PM

‎05-09-2006 06:03 PM

Re: Tru64 SSH2 umask problemٍٍ

The uploaded files got picked by a running process.

The smallest period cron can handle is every min, and the running process can try to pick the file while the cron is just waiting to be executed next min.

This will make the process miss the file because of its permissions.

I am using enhanced security. Is SSH use the default umask of enhanced security ? If yes, Can I change the default umask of enhanced securty, to let SSH use it and solve my problem ?

Thanks


0 Kudos
Vladimir Fabecic
Honored Contributor

‎05-09-2006 06:57 PM

‎05-09-2006 06:57 PM

Re: Tru64 SSH2 umask problemٍٍ

Osama
sftp does not execute /etc/profile (where umask is defined). Your problem is caused by advanced security, not SSH2.
I think that only workaround would some script that runs in background.
Maybe someone has better idea.
Regards
In vino veritas, in VMS cluster
0 Kudos
Osama Ahmed
Advisor

‎05-09-2006 07:44 PM

‎05-09-2006 07:44 PM

Re: Tru64 SSH2 umask problemٍٍ

Vladimir,
thanks a lot. My question now is:

- Is there anyway one can change default umask of enhanced security ? If so, How ?

0 Kudos
Vladimir Fabecic
Honored Contributor

‎05-09-2006 08:33 PM

‎05-09-2006 08:33 PM

Solution

Re: Tru64 SSH2 umask problemٍٍ

Osama
look this:
http://unix.derkeiler.com/Mailing-Lists/Tru64-UNIX-Managers/2005-07/0057.html
In vino veritas, in VMS cluster
Osama Ahmed
Advisor

‎05-09-2006 09:04 PM

‎05-09-2006 09:04 PM

Re: Tru64 SSH2 umask problemٍٍ

Vladimir,
Thanks a lot. There is no way to change the default file permissions of Enhanced security environment.

scp will be the solution in this case.

Thanks
0 Kudos
Adam Garsha
Valued Contributor

‎05-16-2006 12:03 AM

‎05-16-2006 12:03 AM

Re: Tru64 SSH2 umask problemٍٍ

I was the guy that posted to tru64 managers list.

FYI, I ended up building an openssh daemon using the sftplogging and chroot patches... works great and, overall, I have better compatibility with all my other *NIXes since arguably openssh is the defacto/superior SSH implementation.

Caution... if you install openssh, take care to not disturb your ssh.com installation (i.e. make use of configure flags to put the install into a safe place away from the default SSH.com install package); otherwise, you could run into problems at your next patch session.

Also, once you roll-your-own... you have to be vigilent about upgrading to ensure security.

So, there are pros and cons... but having the same SSH everywhere was worth it for us.
0 Kudos
Adam Garsha
Valued Contributor

‎05-16-2006 12:22 AM

‎05-16-2006 12:22 AM

Re: Tru64 SSH2 umask problemٍٍ

I forgot to include the link to the sftplogging patch (allows umask control):

http://sftplogging.sourceforge.net/
0 Kudos
Kapil Jha
Honored Contributor

‎05-22-2006 06:18 PM

‎05-22-2006 06:18 PM

Re: Tru64 SSH2 umask problemٍٍ

Hey
to change permission every sec u can run a script which will change permission mucah faster

while true
do
chmod 660 path
done

This may help if u cant use scp -p.
Thanks
I am in this small bowl, I wane see the real world......
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.