Monday, November 10, 2014

umask setting using sshd_config on Solaris 10 for scp, sftp file transfers

I was looking to set up a custom umask for a specific user using the sftp and scp connection types.

1. sftp
2. scp
3. ssh hostname
4. ssh hostname program

The difference between 3. and 4. is that the former starts a shell, which usually reads the /etc/profile information, while the latter doesn't.

In addition, by reading this post I've become aware of the -u option that is present in newer versions of OpenSSH.

However, this doesn't work.
I must also add that /etc/profile now includes umask 0027.

Going point by point:
sftp - Setting -u 0027 in sshd_config, as mentioned here, is not enough.


It's quite easy to force environment variables in an SSH session, since /etc/profile, /etc/bash.bashrc etc. are read. But when you launch commands with SSH without opening a session, these files are not parsed, so it gets harder to set the environment.


So it can be useful to know that /etc/environment is read by SSH as well as login.
The format is "VARIABLE=VALUE" for each line.

In my case, I needed to force TMPDIR to "/var/lib/gforge-dop/chroot/tmp" so I just put "TMPDIR=/var/lib/gforge-dop/chroot/tmp" in /etc/environment and it worked :)

The umask is not an environment variable; it is a property of the process and has to be set by a system call.
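
The distinction above, shown as an added example that is not part of the original post: a child process inherits the umask its parent set with the `umask` builtin (the umask(2) system call), while a variable in its environment changes nothing. The variable name `UMASK` and the temporary directory are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example: umask is process state inherited across fork/exec;
# an environment variable cannot change it. All paths are temporary.

# Print the 10-character permission string of a file (no stat(1) flags needed).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Spawn a child sh that creates a file, then print the file's permissions.
#   $1  umask the parent applies before spawning ("" = keep the 022 baseline)
#   $2  value passed to the child as the variable UMASK ("" = not set);
#       UMASK is a hypothetical name, like a line placed in /etc/environment
child_file_mode() {
    demo_dir=$(mktemp -d) || return 1
    (
        umask 022                      # known baseline for the demo
        if [ -n "$1" ]; then
            umask "$1"                 # umask(2) in the parent process
        fi
        if [ -n "$2" ]; then
            UMASK="$2" sh -c ': > "$1/f"' sh "$demo_dir"
        else
            sh -c ': > "$1/f"' sh "$demo_dir"
        fi
    )
    mode_of "$demo_dir/f"
    rm -rf "$demo_dir"
}

# Stand-alone run: print the three cases side by side.
echo "baseline:               $(child_file_mode '' '')"
echo "UMASK=0027 in env only: $(child_file_mode '' 0027)"
echo "umask 0027 in parent:   $(child_file_mode 0027 '')"
```

Only the third case produces a file without world-read permission, which is why a line in /etc/environment cannot stand in for a umask setting on non-interactive transfers.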

---------------------------------------------------------------------------------------------------------
Solaris 11
http://docs.oracle.com/cd/E26502_01/html/E29042/ssh-config-4.html#REFMAN4ssh-config-4

Solaris 10
http://docs.oracle.com/cd/E26505_01/html/816-5174/sshd-config-4.html#REFMAN4sshd-config-4
---------------------------------------------------------------------------------------------------------

Hello Pankaj,

As per our conversation, it is not possible to set umask per user in S10 with sftp.
This feature is only available in S11.

Here is the RFE/bug filed:
6803109: Add option for sftp/scp server to set a default umask

It was addressed in S11 and not in S10.

The workaround is for the customer to transfer the files and change the umask on the sftp server, or to upgrade the system to S11.

Regards,

Oracle

Solaris and Network Domain, Global Systems Support
Phone: +1 800-223-1711
Oracle Global Customer Services
