
Re: Is there a work-around for a umask bug in rssh/chroot ??



On Aug 27, 12:50 pm, Henrique de Moraes Holschuh <h...@debian.org>
wrote:
> On Wed, 27 Aug 2008, Bob wrote:
> > On Aug 27, 9:00 am, Henrique de Moraes Holschuh <h...@debian.org>
> > wrote:
> > > On Tue, 26 Aug 2008, Bob Goldberg wrote:
> > > > running etch; rssh/chroot with users allowed sftp only
> > > > I have my umask=007 in my rssh.conf; I have setgid=true on all home dir's.
>
> > > > When a user uploads a file, that file does NOT have mode=660 as I would
> > > > expect - instead it's 640.
>
> > > Did you check that the code is trying to create the file with file mode 777
> > > (so that umask has full control of what will end up on the inode)?  If it
> > > does, e.g., 644, your umask will never be able to get a 660 out of it.
>
> > Henrique-
> > TX for your reply...
>
> > I'm not sure I understand where I would look for that...
> > because this is a chroot'ed user, and they can only use sftp thru rssh
> > - I had thought the mode settings associated with those packages would
> > over-ride any others...
>
> > now if a normal user creates a file - it IS 644... is that what you
> > mean?
>
> What I mean is that Umask can only *CLEAR* bits.  If sftp/rssh is trying to
> create a file of mode 0644, all your 0777 umask can do is cause it to become
> 0640.
>

Sorry -
I should have also mentioned in my last post...

that I've tried doing EVERYTHING with pam / pam_umask

while I can control the umask of shell users; NOTHING I do seems to
control the umask of rssh/sftp users.
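
Added example, not part of the original thread: a reproduction of the behaviour discussed above, creating real files with different requested modes under umask 007 and reading back what lands on the inode. The function names and the file name `upload.dat` are made up for this illustration; it assumes a POSIX filesystem with no default ACL on the temporary directory.

```python
import os
import stat
import tempfile


def created_mode(requested_mode, umask):
    """Create a file asking for requested_mode under umask; return the mode on disk."""
    old = os.umask(umask)  # set the process umask, remember the previous one
    try:
        with tempfile.TemporaryDirectory() as tmpdir:
            path = os.path.join(tmpdir, "upload.dat")  # constructed sample file
            # The third argument is the mode the *creating program* asks for,
            # which is the value an sftp server would pass to open(2).
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
            os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old)  # always restore the caller's umask


def reachable(requested_mode, wanted_mode):
    """True if some umask can turn requested_mode into wanted_mode.

    umask only clears bits, so every bit in wanted_mode must already be
    present in requested_mode.
    """
    return wanted_mode & ~requested_mode == 0


if __name__ == "__main__":
    umask = 0o007
    wanted = 0o660
    for requested in (0o644, 0o666, 0o777):
        got = created_mode(requested, umask)
        print(
            f"requested {requested:04o}  umask {umask:03o}  "
            f"on disk {got:04o}  {wanted:04o} reachable: {reachable(requested, wanted)}"
        )
```

The 0644 row ends up as 0640, matching the symptom reported in the thread, while a request of 0666 yields 0660 under the same umask.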

