Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-29-2007, 08:05 PM
|
#1
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Rep:
|
linux permissions
Hi, I have a question about file permissions...
I am copying files from my computer to a server. The file on my computer has permissions: -rw-r-r-
when i copy the files, the permissions stay the same, but I would like them to take on a default permission.
so, basically, on my client computer, if i change the files permissions to -rw-rw-r, then permissions for that file on the server will be -rw-rw-r. if i dont change them, then the permissions are -rw-r-r.
i hope this makes sense.
thanks for any help!
|
|
|
05-29-2007, 08:24 PM
|
#2
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
change the default umask for the application you are using to copy files (samba, ssh, etc).
for -rw-rw-r--
use umask 0002
More info here: http://www.linuxquestions.org/questi...?postid=869244
If you are using scp to copy files, use the -p option to retain date/time/permissions
A bit more explanation (stolen from google)
By default, and with a umask of 000, files get mode 666 and directories get mode 777. As a result, with a default umask value of 022, newly created files get a default mode 644 (666 - 022 = 644) and directories get a default mode 755 (777 - 022 = 755).
In order to change the umask value, simply use the umask command and give it an octal number. For instance, if you want all new directories to get permissions rwxr-xr--- and files to get permissions rw-r----- by default (modes 750 and 640), you'll need to use a umask value which removes all rights to other, and write permissions to the group : 027. The command to use is:
umask 027
Last edited by troybtj; 05-29-2007 at 08:38 PM.
|
|
|
05-29-2007, 08:47 PM
|
#3
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
thanks for the quick reply. i've changed my umask from 0022 to 0002 and the same problem is occurring. it's like it's not acknowledging the umask at all. i've also confirmed the umask is changing by logging into an ssh session and running the umask command. i can send some files or give more information if needed.
Thanks!
|
|
|
05-29-2007, 08:56 PM
|
#4
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
Did you change it in .profile, .bash_profile, .bashrc ?
I'm not exactly sure which one scp looks at. sftp will use the mask of your login shell.
|
|
|
05-29-2007, 09:02 PM
|
#5
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
here is my .bash_profile file. this is the only file i changed. the other files i have are .bash_history, .bash_logout and .bashrc
Code:
# ~/.bash_profile: executed by bash(1) for login shells.
# see /usr/share/doc/bash/examples/startup-files for examples.
# the files are located in the bash-doc package.
# the default umask is set in /etc/login.defs
umask 0002
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
# set PATH so it includes user's private bin if it exists
if [ -d ~/bin ] ; then
PATH=~/bin:"${PATH}"
fi
|
|
|
05-29-2007, 09:03 PM
|
#6
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
Try adding it to .bashrc
If that doesn't work, I'm out of answers.
|
|
|
05-29-2007, 09:21 PM
|
#7
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
that didnt work either.
this code in .bash_profile would prevent that from working
Code:
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
thanks for all your help. if you get any more ideas, let me know. if i find the answer, i'll be sure to post it here.
|
|
|
05-29-2007, 09:29 PM
|
#8
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
I'm not sure if it helps at all, but I'm using a chroot jail. It's wolfgang's make_chroot_jail.sh
his site is: http://www.fuschlberger.net/programs...t_jail.sh.html
idk why, but the site isnt loading on my computer. the only reason I'm saying this is because I have a copy of a lot of my files, and maybe someone can see a problem.
|
|
|
05-29-2007, 10:36 PM
|
#9
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
Quote:
Originally Posted by erat123
that didnt work either.
this code in .bash_profile would prevent that from working
Code:
# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
thanks for all your help. if you get any more ideas, let me know. if i find the answer, i'll be sure to post it here.
|
Not if scp is reading .bashrc and NOT .bash_profile
If it logs in and looks for bashrc, it will get the info from there, not caring what is in .bash_profile
The chroot you have installed may effect this as well, but try adding command to .bashrc and see how it works.
|
|
|
05-29-2007, 11:55 PM
|
#10
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
i see what you mean. i gave it a try and loaded umask to .bashrc and it didnt work. i also tried removing it from .bash_profile and keeping it in .bashrc and that didnt work either.
this might be a long shot, but i understand there's something called pam_umask. i've heard it's a replacement to umask. have you heard of that, and if so, do you know if that may work better?
|
|
|
05-30-2007, 12:47 AM
|
#11
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
well, i've been doing some research and some trial and error techniques as well. i copied a file from my local pc to my server using the scp command. it did the same thing (ignored the umask)
here is the output:
client side:
Code:
$ ls -l
-rw-rw-r-- 1 eric eric 15 2007-05-29 18:25 test
server side:
Code:
$ ls -l
-rw-r--r-- 1 admin admin 15 2007-05-29 23:42 test
$ umask
0002
I've been looking online and it seems like openssh has a bug in it that prevents this from working well. people claim they have working patches, but i'm not skilled enough to install one or understand the benefits.
|
|
|
05-30-2007, 07:04 AM
|
#12
|
LQ Newbie
Registered: May 2007
Location: South Dakota
Distribution: Debian Etch (8), XP (1), FreeBSD (1), HP-UX (1)
Posts: 23
Rep:
|
Were you trying to force default permissions on the copy, or keep them? To keep permissions, use scp -p
You could use alias scp='scp -p'
so you wouldn't need to add the option each time.
|
|
|
05-30-2007, 11:12 PM
|
#13
|
Member
Registered: Oct 2006
Distribution: Ubuntu
Posts: 69
Original Poster
Rep:
|
THAT WORKED!! I just got home and tried it out, and all was well! I don't really understand why changing the umask wouldn't fix it, but I'm pretty content with this. Thanks a lot troybtj! You really helped me out a lot!
|
|
|
All times are GMT -5. The time now is 07:00 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|