
Re: Is there a work-around for a umask bug in rssh/chroot ??



On Aug 27, 12:50 pm, Henrique de Moraes Holschuh <h...@debian.org>
wrote:
> On Wed, 27 Aug 2008, Bob wrote:
> > On Aug 27, 9:00 am, Henrique de Moraes Holschuh <h...@debian.org>
> > wrote:
> > > On Tue, 26 Aug 2008, Bob Goldberg wrote:
> > > > running etch; rssh/chroot with users allowed sftp only
> > > > I have myumask=007 in my rssh.conf; I have setgid=true on all home dir's.
>
> > > > When a user uploads a file, that file does NOT have mode=660 as I would
> > > > expect - instead it's 640.
>
> > > Did you check that the code is trying to create the file with file mode 777
> > > (so that umask has full control of what will end up on the inode)?  If it
> > > does, e.g, 644, your umask will never be able to get a 660 out of it.
>
> > Henrique-
> > TX for your reply...
>
> > I'm not sure I understand where I would look for that...
> > because this is a chroot'ed user, and they can only use sftp thru rssh
> > - I had thought the mode settings associated with those packages would
> > over-ride any others...
>
> > now if a normal user creates a file - it IS 644... is that what you
> > mean?
>
> What I mean is that Umask can only *CLEAR* bits.  If sftp/rssh is trying to
> create a file of mode 0644, all your 0777 umask can do is cause it to become
> 0640.
>

AH... I see what you mean...

in all the conf files relating to sftp/rssh/ssh - there are only
references to umask (and I have them set to umask=007).

It may be that my understanding of mode/umask is lacking... but even
in the /etc/profile only umask is set. I had thought that the umask
DETERMINED what the mode was... I was unaware that it could only clear
bits from a previously set mode value...

Do you know where the default mode is set then? (I've looked @
profile; login.def; rc files etc)

I would have thought that anything I did with ssh/rssh/sftp would have
been contained to only that area - but if I have to change my system-
wide mode default - I'm fine with that.

TX again IA :)
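
The point made in the quoted reply, as an added example that is not part of the original thread: the permission bits on a new file are the mode the creating program passes to open(2) with the umask bits cleared, so a 007 umask cannot turn a requested 0644 into 0660. The function name `mode_after_create` and the scratch path under /tmp are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new file asking for `requested` permission bits while the process
 * umask is `mask`. Returns the permission bits found on the inode, or -1. */
int mode_after_create(mode_t requested, mode_t mask)
{
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path (assumption); O_EXCL refuses an existing
     * file or symlink, so a pre-planted name makes the call fail safely. */
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());

    mode_t old = umask(mask);          /* what "umask=007" sets */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                        /* restore the caller's umask */
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* Modes a program might pass to open(2); 0644 is the case in the thread. */
    const mode_t requested[] = { 0644, 0666, 0777 };
    for (size_t i = 0; i < sizeof requested / sizeof requested[0]; i++) {
        int got = mode_after_create(requested[i], 007);
        if (got < 0) {
            perror("mode_after_create");
            return 1;
        }
        printf("requested %04o, umask 007 -> on disk %04o\n",
               (unsigned)requested[i], (unsigned)got);
    }
    return 0;
}
```

A file that lands as 0640 under a 007 umask was created by a request that lacked the group-write bit, so the place to look is the mode the creating program asks for, not the umask setting.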

