Re: [Jailkit-users] group directory write permissions


From: Olivier Sessink
Subject: Re: [Jailkit-users] group directory write permissions
Date: Mon, 01 Jun 2009 23:17:29 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090318)

Ryan Wexler wrote:
> -I have multiple users that are jailed and who all belong to the same
> group "shared_group"
> -Each of these users creates and accesses files using sftp access
> through jailkit.
> -Accessing and writing files works fine.
> *However if a new directory is created through sftp it does not have the
> group write bit set. 
> 
> My jail jk_lsh.ini has the umask set to 002 so it should be setting the
> group write bit.  Here is the file contents:
> [DEFAULT]
> paths= /usr/bin, /usr/lib/
> executables= /usr/bin/scp, /usr/libexec/openssh/sftp-server
> 
> [group shared_group]
> paths= /usr/bin, /usr/lib/
> executables= /usr/bin/scp, /usr/libexec/openssh/sftp-server
> umask = 002
> 
> 
> Additionally I have relaxed group permissions in
> /etc/jailkit/jk_chrootsh.ini:
> 
> [group shared_group]
> relax_home_group=1
> relax_home_group_permissions=1
> relax_home_other_permissions=1

These options are only needed if you use these permissions for the home
directory itself, not for other directories in the jail.

> The parent directory where the subdirectories are being created has the
> proper permissions:
> ls -ltr
> drwxrwxr-x 52 demo shared_group     4096 Jun  1 13:44 documentrepository
> 
> But when the jailed user demo creates a new directory "6-2009" via sftp
> here are the permissions:
> drwxr-xr-x 2 demo   shared_group 4096 Jun  1 13:55 6-2009

Everything looks good. Perhaps the problem is in the sftp-server or the
sftp client? If you try sftp outside a jail, how does it handle the
umask? If you strace an sftp-server when you create a directory, does it
use chmod() or does it just rely on the umask?

regards,
        Olivier
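
The mechanics behind the question above, as an added example that is not part of the original message: mkdir() stores `requested & ~umask`, so a umask of 002 yields 0775 only when the caller asks for group write, while a following chmod() sets the mode regardless of the umask. The scratch path under /tmp and the function name `resulting_mode` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a directory under the given process umask with the mode the caller
 * requests, optionally chmod() it afterwards (chmod_mode >= 0), and return
 * the resulting permission bits, or -1 on error. */
static int resulting_mode(mode_t mask, mode_t requested, int chmod_mode)
{
    char base[64], dir[96];
    struct stat st;
    int result = -1;

    /* Constructed scratch location; mkdir() fails if the name already
     * exists, so a pre-planted path is never reused. */
    snprintf(base, sizeof base, "/tmp/umask-demo-%ld", (long)getpid());
    if (mkdir(base, 0700) != 0)
        return -1;
    snprintf(dir, sizeof dir, "%s/6-2009", base);

    mode_t old = umask(mask);          /* e.g. "umask = 002" from the ini */
    if (mkdir(dir, requested) == 0) {  /* kernel stores requested & ~umask */
        /* chmod() is not filtered by the umask */
        if ((chmod_mode < 0 || chmod(dir, (mode_t)chmod_mode) == 0)
            && stat(dir, &st) == 0)
            result = (int)(st.st_mode & 0777);
        rmdir(dir);
    }
    umask(old);
    rmdir(base);
    return result;
}

int main(void)
{
    printf("umask 002, mkdir 0777              -> %04o\n",
           (unsigned)resulting_mode(0002, 0777, -1));
    printf("umask 002, mkdir 0755              -> %04o\n",
           (unsigned)resulting_mode(0002, 0755, -1));
    printf("umask 022, mkdir 0777              -> %04o\n",
           (unsigned)resulting_mode(0022, 0777, -1));
    printf("umask 022, mkdir 0777 + chmod 0775 -> %04o\n",
           (unsigned)resulting_mode(0022, 0777, 0775));
    return 0;
}
```

In an strace of sftp-server, the mode argument passed to mkdir() and the presence or absence of a following chmod() show which of these cases applies.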



