SFTP and umask and enhanced security (only using shadow passwords)

From: Garsha, Adam (adam.garsha@marquette.edu)
Date: Mon Jul 25 2005 - 12:59:05 EDT


After moving to use shadow passwords, our sftp users now end up creating
files with mode -rw------- (600).

When users actually log in via ssh and create files locally, the files
are instead -rw-r--r-- (644); this also used to be true for sftp prior
to using shadow passwords.

In /etc/profile the umask is set to 022. So, my working theory is that
enhanced security changed the default umask from 022 to 077 and that
sftp does not run commands in /etc/profile.

1.) What do you think about this theory?
2.) Do you know a way to force the sshd daemon to make sftp use a
certain umask and/or run /etc/profile?
3.) Do you know a reasonable way to change the default system umask to
022?

Adam Garsha
Systems Engineer
Marquette University IT Services
414-288-3750 (Office)
414-235-0112 (Cell)
adam.garsha@marquette.edu
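
The working theory in the message above, reproduced as an added shell example (not part of the original post): a process inherits its umask from whatever started it, so a session that never reads a profile keeps the daemon's value. The function names, the `sh -c` children standing in for the two session types, and the temporary profile file are constructed assumptions; the real /etc/profile and sshd are not touched.

```shell
#!/bin/sh
# Constructed demo: new files get mode (0666 & ~umask), and the umask is
# inherited from the parent process unless the session resets it.

# Print the 10-character mode string of a file, as shown by `ls -l`.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# session_mode DAEMON_UMASK KIND  (hypothetical helper)
#   KIND=login : child sources a profile first, like an interactive ssh login
#   KIND=sftp  : child starts without reading any profile, which is what the
#                message theorizes about the sftp subsystem
session_mode() {
    daemon_umask=$1 kind=$2
    dir=$(mktemp -d) || return 1
    # Constructed stand-in for /etc/profile, with the value from the message.
    printf 'umask 022\n' > "$dir/profile"
    (
        umask "$daemon_umask"      # the value the daemon hands to its child
        if [ "$kind" = login ]; then
            sh -c '. "$1"; : > "$2"' sh "$dir/profile" "$dir/newfile"
        else
            sh -c ': > "$1"' sh "$dir/newfile"
        fi
    )
    mode_of "$dir/newfile"
    rm -rf "$dir"
}

# Daemon default 077: only the profile-reading session ends up with 644.
echo "daemon umask 077, login session: $(session_mode 077 login)"
echo "daemon umask 077, sftp session:  $(session_mode 077 sftp)"
# Daemon default 022: the sftp session gets 644 without any profile.
echo "daemon umask 022, sftp session:  $(session_mode 022 sftp)"
```

On the affected host, running `umask` in a non-login shell started by the same daemon shows which value sftp sessions actually inherit.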


