On Aug 27, 12:50 pm, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> wrote: > On Wed, 27 Aug 2008, Bob wrote: > > On Aug 27, 9:00 am, Henrique de Moraes Holschuh <[EMAIL PROTECTED]> > > wrote: > > > On Tue, 26 Aug 2008, Bob Goldberg wrote: > > > > running etch; rssh/chroot with users allowed sftp only > > > > I have myumask=007 in my rssh.conf; I have setgid=true on all home > > > > dir's. > > > > > When a user uploads a file, that file does NOT have mode=660 as I would > > > > expect - instead it's 640. > > > > Did you check that the code is trying to create the file with file mode > > > 777 > > > (so thatumaskhas full control of what will end up on the inode)? If it > > > does, e.g, 644, yourumaskwill never be able to get a 660 out of it. > > > Henrique- > > TX for your reply... > > > I'm not sure I understand where I would look for that... > > because this is a chroot'ed user, and they can only use sftp thru rssh > > - I had thought the mode settings associated with those packages would > > over-ride any others... > > > now if a normal user creates a file - it IS 644... is that what you > > mean? > > What I mean is thatUmaskcan only *CLEAR* bits. If sftp/rssh is trying to > create a file of mode 0644, all your 0777umaskcan do is cause it to become > 0640. >
AH... I see what you mean... in all the conf files relating to sftp/rssh/ssh - there are only references to umask (and I have them set to umask=007). It may be that my understanding of mode/umask is lacking... but even in the /etc/profile only umask is set. I had thought that the umask DETERMINED what the mode was... I was unaware that it could only clear bits from a previously set mode value... Do you know where the default mode is set then? (i've looked @ profile; login.def; rc files etc) I would have thought that anything I did with ssh/rssh/sftp would have been contained to only that area - but if I have to change my system- wide mode default - I'm fine with that. TX again IA :) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]