The permission torture



Hello!

In effort to address at least one of my permission problems, I would be glad
to see a working solution for this kind of problem:

1. at sshd_config:
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /public
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

2. at client's bash:
sshfs server:/ /home/kr/krpub-mount -o "IdentityFile=/home/kr/.ssh/id_rsa" -o
uid=$(id -u kr) -o gid=$(id -g kr) -o allow_other -o default_permissions -o
reconnect -o no_check_root -o umask=0002

touch /home/kr/krpub-mount/writeable_dir/1
ls -la /home/kr/krpub-mount/writeable_dir/1
-rwxrwxr-x 1 kr kr 0 2009-06-12 08:51 krpub-mount/writeable_dir/1

3. at server:
ls -la /public/writeable_dir/1
-rw------- 1 kr kr 0 2009-06-12 08:51 1

Removing " -o umask=0002" just shows the actual, too strict permissions.

And here is the trouble. How can those permissions be controlled on server, if
internal-sftp is used with ChrootDirectory?
Please, this has been a problem way to long... If there was a way to set
minimum permissions in sshd_config for newly created files, it would have
been solved, at least in my case! There is a problem with konqueror, which is
eating up the group write bit, that way it could be solved...

Well, please don't hesitate, if you know some relevant solution!

k.

Attachment: signature.asc
Description: This is a digitally signed message part.



Relevant Pages

  • Re: [opensuse] 10.2: YOU resets /root/ permissions?
    ... What are those permissions you are refering to? ... Check out the entry for /root in /etc/permissions. ... even once pointing out what a dumb idea this is. ... Dumber than critisising a working solution without suggesting a better ...
    (SuSE)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)
  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)
  • Fail DBD::Mysql 4.003 installation
    ... This test requires a running server and write permissions. ... permissions, then retry. ... Failed 9/9 tests, 0.00% okay ...
    (perl.dbi.users)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)