On 10/10/2014 04:01 PM, Joe Hartley wrote:
> On Fri, 10 Oct 2014 15:51:29 -0400
> Ivica Ico Bukvic <ico@email-addr-hidden> wrote:
>> So, what I did so far is change /etc/ssh/sshd_config so that sftp
>> chroots said user's home dir, and prevents access via ssh. I also
>> created a sftponly group and added the user to it. I adjusted home dir
>> permissions and created a subfolder "submissions" where users can submit
>> their projects. Finally, I added umask to strip permissions from
>> uploaded files.
>>
>> So, the /etc/ssh/sshd_config has the following entry
>>
>> Match Group sftponly
>> ChrootDirectory /home/%u
>> ForceCommand internal-sftp -u 0222
>> X11Forwarding no
>> AllowTcpForwarding no
> What's your subsystem line look like? You can force the umask there with
> the -u directive. Example:
> Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
>
> If your sftp-server does not support -u then you can get the same effect
> with this:
> Subsystem sftp /bin/sh -c 'umask 0002; /usr/lib/openssh/sftp-server'
>
Thanks for this, but I thought that is what ForceCommand internal-sftp -u
0222 does (and it does change file permissions, except that even if
permissions are 000 I can still delete the file through sftp).
Subsystem is
Subsystem sftp /usr/lib/openssh/sftp-server
--
Ivica Ico Bukvic, D.M.A.
Associate Professor
Computer Music
ICAT Senior Fellow
DISIS, L2Ork
Virginia Tech
School of Performing Arts - 0141
Blacksburg, VA 24061
(540) 231-6139
ico@email-addr-hidden
www.performingarts.vt.edu
disis.music.vt.edu
l2ork.music.vt.edu

_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@email-addr-hidden
http://lists.linuxaudio.org/listinfo/linux-audio-user

Received on Sat Oct 11 00:15:04 2014
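An added example, not part of the thread: on POSIX filesystems, removing a file is decided by the parent directory's write and search bits (plus the sticky bit), not by the file's own mode, which is why a mode-000 upload in a user-writable "submissions" folder can still be deleted over sftp. The sketch below models that check and lists what a given uid could delete in a directory; the function names are hypothetical, and ACLs, capabilities and immutable attributes are assumed absent.

```python
import os
import stat


def can_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Model of the POSIX permission check for removing a directory entry.

    The file's own mode is never consulted. The caller needs write and
    search (w+x) on the parent directory; if the directory is sticky,
    the caller must also own the file or the directory.
    """
    if uid == 0:                       # root bypasses the mode bits
        return True
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7     # owner class
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7     # group class
    else:
        bits = dir_mode & 7            # other class
    if bits & 0o3 != 0o3:              # needs both w (2) and x (1)
        return False
    if dir_mode & stat.S_ISVTX:        # sticky bit, as on /tmp
        return uid in (file_uid, dir_uid)
    return True


def deletable_entries(directory, uid, gids=()):
    """Return (name, file mode) for each entry in `directory` that `uid`
    could remove according to the model above."""
    d = os.stat(directory)
    found = []
    for name in sorted(os.listdir(directory)):
        f = os.lstat(os.path.join(directory, name))
        if can_unlink(d.st_mode, d.st_uid, d.st_gid, f.st_uid, uid, set(gids)):
            found.append((name, oct(stat.S_IMODE(f.st_mode))))
    return found
```

Run `deletable_entries` against the upload directory with the sftp user's uid and gids to see which submissions that user can remove regardless of the umask applied on upload.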