openssh and umask - SSH

This is a discussion on openssh and umask - SSH ; I have several users that I'd like to set their umask to 002. I know I could write a wrapper to the sftp-server binary and do this globally, but I only want this for certain users. I've read about the ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: openssh and umask

  1. openssh and umask

    I have several users that I'd like to set their umask to 002. I know I
    could write a wrapper to the sftp-server binary and do this globally,
    but I only want this for certain users. I've read about the
    ~HOME/.ssh/environment file. I've included this file in my test user's
    home directory and have the file say umask 002 (I also tried
    umask=002), but this still does no good. I double checked that
    sshd_config has PermitUserEnvironment set to yes (and I restarted
    sshd). What is the format of the environment file? I've only seen it
    has to be VARS=$value. Anyone have an example? Does the file need to
    have certain permissions? Thanks in advance!!


  2. Re: openssh and umask


    > I have several users that I'd like to set their umask to 002. I know I
    > could write a wrapper to the sftp-server binary and do this globally,
    > but I only want this for certain users. I've read about the
    > ~HOME/.ssh/environment file. I've included this file in my test user's
    > home directory and have the file say umask 002 (I also tried
    > umask=002), but this still does no good. I double checked that
    > sshd_config has PermitUserEnvironment set to yes (and I restarted
    > sshd). What is the format of the environment file? I've only seen it
    > has to be VARS=$value. Anyone have an example? Does the file need to
    > have certain permissions? Thanks in advance!!


    The umask is not an environment variable; it is a property of the process
    and has to be set by a system call.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: openssh and umask

    I've read that umask can somehow be sent via the ~HOME/.ssh/environment
    variable. However no one seems to have an example. The closest thing
    I've found is that setting BASH_ENV will in effect allow you to declare
    a umask (through dot files).


  4. Re: openssh and umask


    > I've read that umask can somehow be sent via the ~HOME/.ssh/environment
    > variable. However no one seems to have an example.


    Not surprising.

    > The closest thing I've found is that setting BASH_ENV will in effect
    > allow you to declare a umask (through dot files).


    Yes. If you read bash(1) INVOCATION, you'll see that the shell may not
    read startup files on a non-interactive login (e.g. sftp-server). You can
    use BASH_ENV to get around this; this is a technique I use.

    --
    Richard Silverman
    res@qoxp.net


  5. Re: openssh and umask

    Okay, I'm having a difficult time getting the ~HOME/.ssh/environment
    file set up properly. I have created the environment file in the
    location above and have the following line in the file:

    BASH_ENV=/export/home/greg/.bashrc

    In .bashrc I have set umask to 002. (line that simply says umask 002).
    However both scp and sftp continue to use 022. I doublechecked that
    sshd_config has PermitUserEnvironment yes and that sshd has been
    restarted.

    If you could point out what I'm doing wrong I'd appreciate it. Thanks
    in advance!!


+ Reply to Thread