[scponly] why is it necessary to use sftplogging patch for umask?
Ralf Durkee
rd at rd1.net
Fri Feb 25 17:29:47 EST 2005
At 01:33 PM 2/25/2005, Steven Sweet wrote:
>Hi,
>
>I looked through the archived messages and found the info about patching
>the sftp-server with the sftplogging patch at sourceforge. I'm a bit
>confused by that though because it seems to be the scponly "shell" that
>causes the problem.
>
>If I set up a user with login shell of /bin/bash and set the umask as 002
>in their .bashrc, the files are created by sftp with the correct
>permissions. It's not until I change their login shell to
>/usr/local/bin/scponly that their umask is not applied.

It's /bin/bash that's reading the .bashrc and setting the umask. You lose
that functionality intentionally when you take away /bin/bash. We wouldn't
want scponly reading .bashrc files and running shell commands, since the
main point is not to give shell capability to the user.

>If the stock sftp-server component can correctly set the umask by itself,

The stock sftp-server component does not set the umask. The patch
mentioned is a patch to the sftp-server, not to scponly.

>why is that the piece that needs to be patched for scponly to be able to
>set the umask?
>
>Thanks.
-- Ralf Durkee, CISSP, GSEC, GCIH
Principal Consultant
http://rd1.net
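
The behaviour discussed in this thread, as an added example that is not part of the original messages: a created file's mode comes from the umask of the process that creates it, which is inherited from whatever launched that process. The 022 parent umask, the rc file, and the `sh -c` children standing in for the login shell and sftp-server are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: who sets the umask decides the mode of uploaded files.

# mode_of FILE: print octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# run_case SNIPPET: run SNIPPET in a child whose parent umask is 022
# (stand-in for the umask handed down by the daemon) and print the mode
# of the file the child creates at <tmpdir>/upload.
run_case() {
    dir=$(mktemp -d) || return 1
    printf 'umask 002\n' > "$dir/rc"    # constructed stand-in for ~/.bashrc
    ( umask 022; sh -c "$1" sh "$dir" )
    mode_of "$dir/upload"
    rm -rf "$dir"
}

# Login shell is a real shell: it reads the rc file, so the writer it
# starts inherits umask 002.
via_rc_shell() { run_case '. "$1/rc"; : > "$1/upload"'; }

# Restricted launcher: the rc file exists but is never read, so the
# writer keeps the inherited 022.
via_restricted() { run_case ': > "$1/upload"'; }

# Writer that sets its own umask before creating files (stand-in for a
# file server changed to do so); no rc file or shell is involved.
via_self_setting_writer() { run_case 'umask 002; : > "$1/upload"'; }

echo "shell that reads rc file : $(via_rc_shell)"
echo "restricted launcher      : $(via_restricted)"
echo "writer sets own umask    : $(via_self_setting_writer)"
```
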