[scponly] scponly and umask
Kaleb Pederson
kaleb.pederson at gmail.com
Wed Mar 25 16:24:45 EDT 2009
On Wed, Mar 25, 2009 at 12:04 PM, Ken <kbingham at booksurge.com> wrote:
> Kaleb Pederson wrote:
>> Could you please provide some debug output from scponly?
>>
>> I'm not sure what facilities the sftpfilecontrol patch are using to
>> set the umask and chmod controls. The sftp-logging patch used
>> environment variables, which scponly passes on to the sftp server, but
>> without knowing specifics to the sftpfilecontrol patch, I can't offer
>> any further suggestions.
>
> http://pastebin.com/m7c4f1160
It looks like it's doing something similar:
[...slightly trimmed...]
scponly[14961]: Unable to find "LOG_SFTP" in the environment
scponly[14961]: Found "USER" and setting it to "kentest"
scponly[14961]: Found "SFTP_UMASK" and setting it to ""
scponly[14961]: Found "SFTP_PERMIT_CHMOD" and setting it to "1"
scponly[14961]: Found "SFTP_PERMIT_CHOWN" and setting it to "1"
scponly[14961]: Unable to find "SFTP_LOG_LEVEL" in the environment
scponly[14961]: Unable to find "SFTP_LOG_FACILITY" in the environment
scponly[14961]: Environment contains "USER=kentest"
scponly[14961]: Environment contains "SFTP_UMASK="
scponly[14961]: Environment contains "SFTP_PERMIT_CHMOD=1"
scponly[14961]: Environment contains "SFTP_PERMIT_CHOWN=1"
scponly[14961]: running: /usr/libexec/openssh/sftp-server (username:
kentest(30004), IP/port: <origin ip address> 58884 22)
SFTP_UMASK isn't set, which would have controlled the umask setting in
the sftplogging patch. Also note that SFTP_PERMIT_CHMOD=1 which seems
to imply that it should indeed be allowed.
What they would be set like under a normal shell and does it work
correctly under a normal shell?
You should be able to find out by doing something like the following:
# connect to the sftp-server from your client
# then on the actual server, run something like the following as root:
SFTP_PID=`ps aux | grep '[s]ftp-server' | head -n 1 | awk '{print
$2}'` && cat /proc/$SFTP_PID/environ | xargs -n1 -0 echo
That little script assumes the first sftp-server PID found is the
correct one and that you're running on Linux with proc filesystem
support.
Thanks.
--Kaleb
> Thank you for your help!
>
> _______________________________________________
> scponly mailing list
> scponly at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/scponly
>
More information about the scponly
mailing list