Bug#649115: marked as done (openssh-server: umask setting with internal-sftp does not work correctly)

Thu, 06 Jun 2013 07:46:54 -0700 

Your message dated Thu, 6 Jun 2013 15:43:14 +0100
with message-id <[email protected]>
and subject line Re: Bug#649115: Acknowledgement (openssh-server: umask setting 
with internal-sftp does not work correctly)
has caused the Debian Bug report #649115,
regarding openssh-server: umask setting with internal-sftp does not work 
correctly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
649115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649115
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:5.5p1-6+squeeze1
Severity: normal
Tags: upstream

I changed the default umask of 0022 to 0007 for internal-sftp by defining this
line in the sshd configuration file /etc/sshd_config:

  Subsystem sftp internal-sftp -u 0007

This works like expected:

  sftp> mkdir directory
  sftp> ls -l
  drwxrwx---    2 user      group      4096 Nov 17 19:28 directory

But I did some tests with other umask settings and got strange results. I used
"strace" for looking at the umask system call of the sshd process while opening
the sftp connection:

  $ strace -f -p $(ps -ef |grep /usr/sbin/sshd| grep -v grep | awk '{print
$2}') 2>&1 | grep umask

For the above working example I got this result:

  [pid 11078] umask(077)                  = 022
  [pid 11078] umask(022)                  = 077
  [pid 11091] umask(07)                   = 022


Some examples with incorrect behaviour:

------
SSHD_CONFIG:
  Subsystem sftp internal-sftp -u 0077

SFTP:
  drw-rw--w-    2 user      group      4096 Nov 17 19:31 directory

STRACE:
  [pid 10939] umask(077)                  = 022
  [pid 10939] umask(022)                  = 077
  [pid 10949] umask(0115)                 = 022

------
SSHD_CONFIG:
  Subsystem sftp internal-sftp -u 0027

SFTP:
  drwxr--r--    2 user      group      4096 Nov 17 19:33 directory

STRACE:
  [pid 10735] umask(077)                  = 022
  [pid 10735] umask(022)                  = 077
  [pid 10745] umask(033)                  = 022

------
SSHD_CONFIG:
  Subsystem sftp internal-sftp -u 0067

SFTP:
  drw-rwxr--     2 user      group      4096 Nov 17 19:39 directory

STRACE:
  [pid 10897] umask(077)                  = 022
  [pid 10897] umask(022)                  = 077
  [pid 10907] umask(0103)                 = 022


The mode which ist set on newly created directories, suits to the last of the
three umask settings, which strace shows. But this is very different to my
setting.



-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser             3.112+nmu2           add and remove users and groups
ii  debconf [debconf-2. 1.5.36.1             Debian configuration management sy
ii  dpkg                1.15.8.11            Debian package management system
ii  libc6               2.11.2-10            Embedded GNU C Library: Shared lib
ii  libcomerr2          1.41.12-4stable1     common error description library
ii  libgssapi-krb5-2    1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - k
ii  libkrb5-3           1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii  libpam-modules      1.1.1-6.1+squeeze1   Pluggable Authentication Modules f
ii  libpam-runtime      1.1.1-6.1+squeeze1   Runtime support for the PAM librar
ii  libpam0g            1.1.1-6.1+squeeze1   Pluggable Authentication Modules l
ii  libselinux1         2.0.96-1             SELinux runtime shared libraries
ii  libssl0.9.8         0.9.8o-4squeeze4     SSL shared libraries
ii  libwrap0            7.6.q-19             Wietse Venema's TCP wrappers libra
ii  lsb-base            3.2-23.2squeeze1     Linux Standard Base 3.2 init scrip
ii  openssh-blacklist   0.4.1                list of default blacklisted OpenSS
ii  openssh-client      1:5.5p1-6+squeeze1   secure shell (SSH) client, for sec
ii  procps              1:3.2.8-9            /proc file system utilities
ii  zlib1g              1:1.2.3.4.dfsg-3     compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)
pn  ufw                           <none>     (no description available)

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:5.7p1-1

On Thu, Jun 06, 2013 at 03:30:30PM +0100, Colin Watson wrote:
> On Fri, Nov 18, 2011 at 11:04:33AM +0100, [email protected] wrote:
> > I justed realized, that the umask setting is interpreted as a decimal
> > number and not octal, like usual.
> > 
> > This is already fixed upstream.
> > 
> > From Changelog:
> > 
> > 20101105
> > - [email protected] 2010/11/04 02:45:34
> >   [sftp-server.c]
> >   umask should be parsed as octal. reported by candland AT xmission.com;
> >   ok markus@
> 
> Thanks.  Belatedly closing with the appropriate package version, then.

Oops, and sending to the right address this time ...

-- 
Colin Watson                                       [[email protected]]

--- End Message ---

Reply via email to