Bug#649115: marked as done (openssh-server: umask setting with internal-sftp does not work correctly)
Your message dated Thu, 6 Jun 2013 15:43:14 +0100
with message-id <20130606144314.GV5693@riva.ucam.org>
and subject line Re: Bug#649115: Acknowledgement (openssh-server: umask setting with internal-sftp does not work correctly)
has caused the Debian Bug report #649115,
regarding openssh-server: umask setting with internal-sftp does not work correctly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
649115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649115
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: umask setting with internal-sftp does not work correctly
- From: Ingo Rogalsky <rog7993@web.de>
- Date: Thu, 17 Nov 2011 20:19:38 +0100
- Message-id: <20111117191938.11438.86954.reportbug@ix001.iis.fhg.de>
Package: openssh-server
Version: 1:5.5p1-6+squeeze1
Severity: normal
Tags: upstream
I changed the default umask of 0022 to 0007 for internal-sftp by defining this
line in the sshd configuration file /etc/sshd_config:
Subsystem sftp internal-sftp -u 0007
This works like expected:
sftp> mkdir directory
sftp> ls -l
drwxrwx--- 2 user group 4096 Nov 17 19:28 directory
But I did some tests with other umask settings and got strange results. I used
"strace" for looking at the umask system call of the sshd process while opening
the sftp connection:
$ strace -f -p $(ps -ef |grep /usr/sbin/sshd| grep -v grep | awk '{print
$2}') 2>&1 | grep umask
For the above working example I got this result:
[pid 11078] umask(077) = 022
[pid 11078] umask(022) = 077
[pid 11091] umask(07) = 022
Some examples with incorrect behaviour:
------
SSHD_CONFIG:
Subsystem sftp internal-sftp -u 0077
SFTP:
drw-rw--w- 2 user group 4096 Nov 17 19:31 directory
STRACE:
[pid 10939] umask(077) = 022
[pid 10939] umask(022) = 077
[pid 10949] umask(0115) = 022
------
SSHD_CONFIG:
Subsystem sftp internal-sftp -u 0027
SFTP:
drwxr--r-- 2 user group 4096 Nov 17 19:33 directory
STRACE:
[pid 10735] umask(077) = 022
[pid 10735] umask(022) = 077
[pid 10745] umask(033) = 022
------
SSHD_CONFIG:
Subsystem sftp internal-sftp -u 0067
SFTP:
drw-rwxr-- 2 user group 4096 Nov 17 19:39 directory
STRACE:
[pid 10897] umask(077) = 022
[pid 10897] umask(022) = 077
[pid 10907] umask(0103) = 022
The mode which ist set on newly created directories, suits to the last of the
three umask settings, which strace shows. But this is very different to my
setting.
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2. 1.5.36.1 Debian configuration management sy
ii dpkg 1.15.8.11 Debian package management system
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.12-4stable1 common error description library
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libssl0.9.8 0.9.8o-4squeeze4 SSL shared libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-client 1:5.5p1-6+squeeze1 secure shell (SSH) client, for sec
ii procps 1:3.2.8-9 /proc file system utilities
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-server recommends:
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.4-1 X authentication utility
Versions of packages openssh-server suggests:
pn molly-guard <none> (no description available)
pn rssh <none> (no description available)
pn ssh-askpass <none> (no description available)
pn ufw <none> (no description available)
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:5.7p1-1
On Thu, Jun 06, 2013 at 03:30:30PM +0100, Colin Watson wrote:
> On Fri, Nov 18, 2011 at 11:04:33AM +0100, rog7993@web.de wrote:
> > I justed realized, that the umask setting is interpreted as a decimal
> > number and not octal, like usual.
> >
> > This is already fixed upstream.
> >
> > From Changelog:
> >
> > 20101105
> > - djm@cvs.openbsd.org 2010/11/04 02:45:34
> > [sftp-server.c]
> > umask should be parsed as octal. reported by candland AT xmission.com;
> > ok markus@
>
> Thanks. Belatedly closing with the appropriate package version, then.
Oops, and sending to the right address this time ...
--
Colin Watson [cjwatson@debian.org]
--- End Message ---
Reply to: