On Mon, Jun 1, 2009 at 2:17 PM, Olivier Sessink
<address@hidden> wrote:
Ryan Wexler wrote:
> -I have multiple users that are jailed and who all belong to the same
> group "shared_group"
> -Each of these users creates and accesses files using sftp access
> through jailkit.
> -Accessing and writing files works fine.
> *However if a new directory is created through sftp it does not have the
> group write bit set.
>
> My jail jk_lsh.ini has the umask set to 002 so it should be setting the
> group write bit. Here is the file contents:
> [DEFAULT]
> paths= /usr/bin, /usr/lib/
> executables= /usr/bin/scp, /usr/libexec/openssh/sftp-server
>
> [group shared_group]
> paths= /usr/bin, /usr/lib/
> executables= /usr/bin/scp, /usr/libexec/openssh/sftp-server
> umask = 002
>
>
> Additionally I have relaxed group permissions in
> /etc/jailkit/jk_chrootsh.ini:
>
> [group shared_group]
> relax_home_group=1
> relax_home_group_permissions=1
> relax_home_other_permissions=1
these options are only needed if you use these permissions for the home
directory itself, not for other directories in the jail.
> The parent directory where the subdirectories are being created has the
> proper permissions:
> ls -ltr
> drwxrwxr-x 52 demo shared_group 4096 Jun 1 13:44 documentrepository
>
> But when the jailed user demo creates a new directory "6-2009" via sftp
> here is the permissions
> drwxr-xr-x 2 demo shared_group 4096 Jun 1 13:55 6-2009
everything looks good. Perhaps the problem is in the sftp-server or the
sftp client? If you try sftp outside a jail, how does it handle the
umask? If you strace a sftp-server when you create a directory, does it
use chmod() or does it just rely on the umask?
regards,
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users