OpenSSH 5.3 setting UMASK for SFTP chroot env, doesn't work at all
If you do not want the patch solution, here is another workaround:
In sshd_config:
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/local/bin/sftpwrapper
# And the Match Group, ChrootDirectory, etc... declarations
And in /usr/local/bin/sftpwrapper (chmod 755, chown root:root)
#!/bin/bash --
umask 0002
exec /usr/lib/openssh/sftp-server
Users in the chrooted group can still have /bin/false as shell.
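With ChrootDirectory set, sshd starts an external Subsystem command after entering the jail, so the wrapper, the interpreter on its shebang line and the sftp-server binary it execs all have to exist inside the jail. The check below is an added example, not part of the original answer; `check_wrapper` and its finding labels are hypothetical names, and the jail path is supplied by the caller.

```shell
#!/bin/bash
# Added example: audit an SFTP wrapper as sshd will see it from inside a jail.
# check_wrapper JAIL WRAPPER  (WRAPPER = the path given to "Subsystem sftp")
# Prints one finding per line; the return status is the number of findings.
check_wrapper() {
    local jail="${1%/}" wrapper="$2" file n=0 first interp target
    file="$jail$wrapper"
    if [ ! -f "$file" ]; then
        echo "MISSING wrapper: $file"
        return 1
    fi
    [ -x "$file" ] || { echo "NOT-EXECUTABLE wrapper: $file"; n=$((n + 1)); }

    # A group- or world-writable wrapper lets a non-root account change
    # what sshd executes for every SFTP session.
    if [ -n "$(find -H "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE wrapper: $file"; n=$((n + 1))
    fi

    # Interpreter named on the shebang line: "#!/bin/bash --" -> /bin/bash
    IFS= read -r first < "$file" || true
    case $first in
        '#!'*)
            interp=${first#'#!'}
            interp=${interp#"${interp%%[! ]*}"}   # drop leading blanks
            interp=${interp%% *}                  # drop interpreter arguments
            [ -x "$jail$interp" ] ||
                { echo "MISSING interpreter in jail: $interp"; n=$((n + 1)); }
            ;;
        *)  echo "NO-SHEBANG: $wrapper"; n=$((n + 1)) ;;
    esac

    # Program the wrapper hands over to (first "exec" line).
    target=$(awk '$1 == "exec" { print $2; exit }' "$file")
    if [ -n "$target" ] && [ ! -x "$jail$target" ]; then
        echo "MISSING exec target in jail: $target"; n=$((n + 1))
    fi

    # The wrapper exists to set the umask, so its absence is a finding.
    grep -Eq '^[[:space:]]*umask[[:space:]]+[0-7]+' "$file" ||
        { echo "NO-UMASK: $wrapper never sets a umask"; n=$((n + 1)); }
    return "$n"
}
# Usage with the paths from this page (run on the server):
#   check_wrapper /mnt/jail/myuser /usr/local/bin/sftpwrapper
```

Shared libraries that the interpreter and sftp-server link against must also be present in the jail; this check does not cover them.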
Author by
emaaaa
Updated on September 18, 2022
Comments
-
emaaaa almost 2 years
I tried to override umask setting on SFTP connection in chrooted env. I couldn't use a subsystem different than internal-ftp.
In OpenSSH_5.3p1 (Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009) there's umask setting directly from command.
How are you able to set it?
My sshd config is:
Match User myuser
    ChrootDirectory /mnt/jail/myuser/
    AllowTCPForwarding no
    X11Forwarding no
    #ForceCommand /usr/lib/openssh/sftp-server -l DEBUG3
    #ForceCommand /bin/sh -c 'umask 002; /usr/lib/openssh/sftp-server'
    ForceCommand internal-sftp -u 002
Anyway, it doesn't work.
-
emaaaa about 13 years
I couldn't fix sshd daemon with sftpfilecontrol. BTW, I've tried to insert pam_umask but it seems it doesn't work.
-
emaaaa about 13 years
I've tried even this solution, but sftp-server couldn't start from sshd, and when I tried to use Cyberduck, sftp-server responds with "/bin/bash not found" and doesn't accept any connection.
-
Cakemox about 13 years
I was able to get it to work putting the pam_umask line at the top of /etc/pam.d/sshd and restarting. I'm using /usr/lib/openssh/sftp-server; I didn't try it with internal-sftp.
-
poisonbit about 13 years
You can change first line to something like "#!/usr/bin/env bash" or the right path to the bash interpreter on your server.
-
emaaaa about 13 years
Sorry @poisonbit, I catch this error when I try to log in with a user without shell. It should say nothing, but ...