Setting permissions for SFTP transfer (during transfer, not after)

Ben Edwards list4me2 at googlemail.com
Wed Feb 24 14:06:05 UTC 2010


On 24/02/2010, Tom H <tomh0665 at gmail.com> wrote:
> > When I SFTP a file onto a box I get the permissions -rw-r--r--, but I
> > want the permissions -rw-rw----. For security reasons I don't want to
> > transfer the file then change the permissions, I want the file to have
> > the permissions from when it first exists. To specify the requirement
> > a bit more formally:
>
> > "To enable a user to SFTP a file onto a box with the permissions set
> > to user and group readwrite and no access to world. These permissions
> > must be set at the beginning of the transfer (rather than after using
> > chmod). This is to ensure users can not read, change or delete the
> > file at any time (during or after the transfer)."
>
> > This can either be done as a SFTP set-up or something the user does
> > when transferring the files.
>
> Your requirements are contradictory. You want a mode of 0660 but users
> must "not read, change or delete the file at any time (during or after
> the transfer)". If you set 0660, they can modify the sftp'd files
> after sftp'ing them.

I meant at no time should users outside the group have any access to the file.

> To have the 0660 mode, change
> Subsystem sftp /usr/libexec/openssh/sftp-server
> in
> /etc/ssh/sshd.config
> to set a umask.

Thanks for that, I will have a look at the file.  Is this a umask for
all users or can it be done on a user basis?

Regards,
Ben

> You might also need to chown and chmod g+s the directory to which you
> are sftp'ing.
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
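
The point discussed in this thread, that the process umask decides a file's permissions at the moment it is created rather than a later chmod, shown as an added example that is not part of the original messages. It assumes a POSIX system; the file name and the requested modes are constructed sample values.

```python
import os
import stat
import tempfile


def mode_at_creation(requested_mode, umask):
    """Create a file with open(O_CREAT) under the given umask and return its
    permission bits as seen immediately after creation: before any data is
    written and without any chmod call."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as workdir:
            path = os.path.join(workdir, "upload.bin")  # constructed sample name
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         requested_mode)
            try:
                # fstat on the fresh descriptor: this is the mode every other
                # process sees from the first instant the file exists.
                return stat.S_IMODE(os.fstat(fd).st_mode)
            finally:
                os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask


def world_accessible(mode):
    """True if 'other' has any of read, write or execute."""
    return bool(mode & stat.S_IRWXO)


if __name__ == "__main__":
    # Constructed cases: modes a creating process might request, under the
    # common default umask (022) and the group-only umask (007).
    for requested in (0o666, 0o644, 0o600):
        for umask in (0o022, 0o007):
            got = mode_at_creation(requested, umask)
            print(f"requested {requested:04o} umask {umask:03o} -> "
                  f"{got:04o} world_accessible={world_accessible(got)}")
```

A umask only removes bits: a requested mode of 0644 under umask 007 yields 0640, not 0660, so group write appears only when the creating process asks for it.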



