[scponly] scponly and umask
Ken
kbingham at booksurge.com
Tue Mar 31 10:13:24 EDT 2009
While sftp users are in session,
SFTP_PID=(`ps aux | grep '[s]ftp-server' | awk '{print $2}'`);[
"$SFTP_PID" ] && for i in ${SFTP_PID[*]};do sudo cat /proc/$i/environ |
xargs -n1 -0 echo;done || echo -e "\n\$SFTP_PID not defined\n"
reveals the SFTP_UMASK,SFTP_PERMIT_CHMOD,SFTP_PERMIT_CHOWN env vars are
the same in a shell for a normal user and for a chrooted scponly user.
SFTP_UMASK=""
SFTP_PERMIT_CHMOD="1"
SFTP_PERMIT_CHOWN="1"
while sshd_config says:
# sftp-server umask control
SftpUmask 0002
SftpPermitChmod no
SftpPermitChown no
Again, versions and options are:
OpenSSH_5.1p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8e-fips-rhel5,
scponly-4.8 w/ --enable-winscp-compat --enable-sftp-logging-compat
--enable-rsync-compat --enable-chrooted-binary
Ken Bingham
SysAdmin, Booksurge
(843) 760-8038 EST
Kaleb Pederson wrote:
> ...
> I'm not sure what facilities the sftpfilecontrol patch are using to
> set the umask and chmod controls. The sftp-logging patch used
> environment variables, which scponly passes on to the sftp server, but
> without knowing specifics to the sftpfilecontrol patch, I can't offer
> any further suggestions.
> ...
More information about the scponly
mailing list