sean finney on 4 May 2010 22:39:08 -0700
On Tue, May 04, 2010 at 07:51:34PM -0400, Fred Stluka wrote:
> - Put all users in a group called team, set the group of the
>   directory to team, and set the SGID bit of the directory.
>       % sudo groupadd team
>       % sudo usermod -a -G team user1
>       % sudo usermod -a -G team user2
>       % sudo usermod -a -G team user3
>       % sudo chgrp team /var/share
>       % sudo chmod g+s /var/share
> - Good:
>   - Various users can now write new files to /var/share via scp, and
>     can overwrite existing files written there by other users IF g+w
>     bit is set on the files.
> - Bad:
>   - When user creates file via scp, default is g-w, regardless of
>     umask. Why?

probably because there's something, somewhere else, which is changing
the umask, or the user's software (winscp, rsync, whatever) is
explicitly chmodding it later on.

>   - When user overwrites file via scp, the owner doesn't change. Why?

probably because the software isn't creating a new file, but opening
the old one, seeking to the beginning and writing out the data.

>   - Directories created recursively via scp do not inherit the g+s
>     bit. Why?

they ought to, probably tied into the above.

> Any thoughts? Thanks!

if you want to control umask/permissions with more of an iron fist,
openssh is pretty hard for this, since the options to chmod and set
umask are built in at the protocol (sftp) level. at one customer i
helped them set up a custom openssh service using the sftpfilecontrol
patch (http://sftpfilecontrol.sf.net) which forces you to recompile ssh
yourself but removes the ability to override umask or chmod files after
they are created. some distros (not anything debian-like afaik) even
ship this patch on by default.

alternatively you could set up an ftp+ssl service where you could have
more control (i think vsftpd lets you force this, for example, though
i've never set it up with ssl), or if remote access isn't important you
can also force perms/masks via samba.

sean
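An added example, not from either poster: it builds a setgid shared directory the way Fred's recipe does (chgrp + chmod g+s), reproduces the two symptoms he reports the way Sean explains them (an explicit chmod after the file is written, a subdirectory that has lost g+s), and then audits the tree for both. It assumes Linux semantics (new subdirectories inherit the parent's setgid bit) and needs no root: it uses a temporary directory and the caller's own primary group instead of /var/share and the team group.

```shell
#!/usr/bin/env bash
# Added example: exercise and audit a setgid shared directory.
set -u

# Create the share and populate it with one good and one bad file and
# one good and one bad subdirectory.
make_share() {
  share=$1
  mkdir -p "$share"
  chgrp "$(id -g)" "$share"      # stand-in for 'chgrp team'; must be a member for g+s to stick
  chmod 2775 "$share"            # rwxrwsr-x; the leading 2 is the setgid bit
  # good: created under a permissive umask, nothing touches the mode afterwards
  ( umask 002; mkdir "$share/sub_ok"; : > "$share/file_ok" )
  # bad file: created 664 by umask, then chmod'ed 644, as an sftp client does
  ( umask 002; : > "$share/file_bad"; chmod 644 "$share/file_bad" )
  # bad dir: inherited g+s at creation, then had it stripped afterwards
  mkdir "$share/sub_bad" && chmod g-s "$share/sub_bad"
}

# Audit: report regular files that are not group-writable and directories
# that lack the setgid bit, one "<finding> <relative path>" line each.
# Octal -perm tests are used so this works with both GNU and BSD find.
audit_share() {
  ( cd "$1" || exit 1
    find . -type f ! -perm -020  | sed 's/^/file-not-group-writable /'
    find . -type d ! -perm -2000 | sed 's/^/dir-missing-setgid /' ) | sort
}

# Run everything in a scratch directory and print the findings.
demo() {
  tmp=$(mktemp -d)
  make_share "$tmp/share"
  audit_share "$tmp/share"
  rm -rf "$tmp"
}

demo
```

The two good entries are never reported, because the share's setgid bit and the umask did their job; only the explicitly re-chmod'ed file and the stripped subdirectory show up, which is exactly the state an sftp client leaves behind.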
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug