internal-sftp and umask
I'm looking at the umask option in sshd_config for the sftp subsystem in sshd from the dec 27 snapshot of current for i386. According to the man page for sftp-server '-u' ought to set the umask for the sftp session. I'd like to use a specific umask in conjunction with the ChrootDirectory directive so this might be easiest with the internal-sftp method. However, I'm having trouble getting the syntax correct with either sftp subsystem. Neither of the tries below seem to affect the umask: Subsystem sftp/usr/libexec/sftp-server -u 077 Subsystem sftp/usr/libexec/sftp-server -u 0077 Subsystem sftpinternal-sftp -u 077 The middle try gives the following in sshd's logs: debug1: session_input_channel_req: session 0 req subsystem subsystem request for sftp debug1: subsystem: exec() /usr/libexec/sftp-server -u 0077 What is the correct way to set the umask for the internal-sftp subsystem? /Lars
Re: internal-sftp and umask
On Wednesday 26 November 2008 14.39.08 you wrote: > Hi! > > I have a setup: > > OpenBSD 4.4 > > /etc/ssh/sshd_config: > [..] > Match Group sftponly > ChrootDirectory %h > ForceCommand internal-sftp > PasswordAuthentication yes > > But, after login I need to set the umask for the session. > I can not use .ssh/rc because of ForceCommand, and I can not put this > to .ssh/environment (even if I've enabled PermitUserEnvironment), > because there is no such environment variable which would apply here. > > What can I do here? Any suggestions would be appreciated. > Just for the record... I had to create a new class in login.conf(5), eg.: sftponly, and specify the umask= parameter to it, and of course add the user to that class. Daniel -- LEVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
internal-sftp and umask
Hi! I have a setup: OpenBSD 4.4 /etc/ssh/sshd_config: [..] Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp PasswordAuthentication yes But, after login I need to set the umask for the session. I can not use .ssh/rc because of ForceCommand, and I can not put this to .ssh/environment (even if I've enabled PermitUserEnvironment), because there is no such environment variable which would apply here. What can I do here? Any suggestions would be appreciated. Daniel -- LEVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1
