umask for remote host in sftp / sftp-server


by Lars Nooden-2

How can umask be set on the remote host for chrooted sftp users?

I'm having trouble guessing how to set umask for sftp users on the
remote system.  AFAIK, it is usually a function of the shell, which is not
used by the sftp client.

~/.cshrc, ~/.profile, and ~/.login seem to not affect sftp, nor did
/etc/csh.cshrc or /etc/csh.login

A workaround for non-chroot sftp: If the sftp user authenticated using a
key, then the key in the ~/.ssh/authorized_keys file can be modified
with this: command="umask 0002;/usr/libexec/sftp-server;"  but that
constrains that key to sftp use only and no ssh action.

That work-around, obviously, won't work in the chrooted sftp.

/Lars


Re: umask for remote host in sftp / sftp-server

by Bugzilla from leva@ecentrum.hu

On Saturday 31 October 2009 10.13.44 you wrote:
> How can umask be set on the remote host for chrooted sftp users?
[...]

Set up a umask for your users' class in login.conf(5). Perhaps add them in a
new class, e.g.:

master.passwd(5):
user:*:1001:1001:sftp:0:0::/home/user:/bin/ksh

login.conf(5):
sftp:\
        :umask=027:\
        :tc=default:


Daniel

--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1


Re: umask for remote host in sftp / sftp-server

by Darren Tucker

Lars Nooden wrote:
> How can umask be set on the remote host for chrooted sftp users?

You can set it on the server side with sftp-server's "-u" option but
that's very new (post 4.6).

You would have something like this in sshd_config:

Subsystem sftp sftp-server -u 0022


--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
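
Added example (not part of the thread and not OpenSSH code): a POSIX sh/awk audit that lists the umask each sftp-server or internal-sftp invocation in an sshd_config applies through the "-u" option described above. The sample configuration, its users, groups and paths are constructed, and the use of "ForceCommand internal-sftp" for the chrooted case is an assumption about the setup.

```shell
# Added example, not from the thread. Reports which umask each SFTP server
# invocation in an sshd_config applies. Output: LINE:KEYWORD:UMASK:VERDICT
audit_sftp_umask() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        kw = tolower($1)                     # sshd_config keywords are case-insensitive
        if (kw == "subsystem" && tolower($2) == "sftp") first = 3
        else if (kw == "forcecommand") first = 2
        else next
        cmd = $first; sub(/.*\//, "", cmd)   # drop any directory part
        if (cmd != "internal-sftp" && cmd != "sftp-server") next
        u = "none"                           # accept "-u 0022" and "-u0022"
        for (i = first + 1; i <= NF; i++) {
            if ($i == "-u" && i < NF) u = $(i + 1)
            else if ($i ~ /^-u./) u = substr($i, 3)
        }
        if (u == "none") v = "user-default"  # no -u: the user default umask applies
        else if (u !~ /^[0-7]+$/ || length(u) > 4) v = "invalid"
        else {
            o = substr(u, length(u), 1)      # "other" digit of the mask
            g = (length(u) > 1) ? substr(u, length(u) - 1, 1) : "0"
            # digits 0,1,4,5 leave the write bit (2) unmasked
            if (o ~ /[0145]/) v = "world-writable"
            else if (g ~ /[0145]/) v = "group-writable"
            else v = "ok"
        }
        print NR ":" kw ":" u ":" v
    }' "$@"
}

# Constructed sample configuration (paths, groups and users are hypothetical).
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Subsystem sftp /usr/libexec/sftp-server -u 0022
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp -u 0002
Match User dropbox
    ChrootDirectory /srv/drop
    ForceCommand internal-sftp
Match User legacy
    ForceCommand internal-sftp -u 0000
EOF
}

sample_sshd_config | audit_sftp_umask
```

The verdicts describe which write bits the mask leaves available to new files; "group-writable" is expected where a shared group directory is intended, as with the 0002 value from the first message.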


Re: umask for remote host in sftp / sftp-server

by Lars Nooden-2

Darren Tucker wrote:
> Lars Nooden wrote:
>> How can umask be set on the remote host for chrooted sftp users?
>
> You can set it on the server side with sftp-server's "-u" option but
> that's very new (post 4.6).
>
> You would have something like this in sshd_config:
>
> Subsystem sftp sftp-server -u 0022

Thanks, Darren.  I see also that it's now also possible to explicitly
specify the identity file to use (-i) with the sftp client.  Both are,
for me, sought after improvements.

The sftp-server manual page in -current mentions the user's default
umask.  How is that default found?

I notice that ssh-keygen still won't take data from a redirect or pipe.
 Is there a safety or developmental reason for that?  It'd be very nice
to be able to use redirection with it as with other programs.

e.g. :
        ssh-keyscan  host.example.org | ssh-keygen -lf -
instead of
        ssh-keyscan  host.example.org | ssh-keygen -lf /dev/stdin

Regards,
/Lars