We have users that send files to our server via sftp... We normallyhave umask set to 022 but for these files we would like to force a umask of 002... I've tried to change in the .bash_profile but does not seem to make any difference...
View 1 RepliesHow do I set umask for sftp only users ?Users are jailed - that means they use internal-sftp:
Code:
# cat /etc/ssh/sshd_config
..........
[code]...
i have a vsftpd server running well but i want to make/force all users to use sftp and not just ftp is this possible?
View 1 Replies View RelatedI am writing a bash script for auditing a Linux System. One of the points to capture is the umask of the users in the system.
Though a 'umask' command executed by the respective user gives this value, i am not sure how to get this in a script, which would be run with root credentials. This my be pretty easy, but i am not sure how root can find this for say 'user-x' (except say peeking into /etc/bashrc).
umask doesn't seem to accept username argument like the 'id' command does...
I think the following code is trying to change the settings inside the file:
CISum=077
sed -e "s/002/$CISum/" -e "s/022/$CISum/" /etc/bashrc-preCIS > /etc/bashrc
sed -e "s/002/$CISum/" -e "s/022/$CISum/" /etc/csh.cshrc-preCIS > /etc/csh.cshrc
[code].....
But, what if i only want to check what the settings are inside the file, but does not want any changes to the file.
I'm setting up an application server for a small organization using Ubuntu 10.04 and LTSP. We built a machine with a quad core Athlon II, got a Gigabit swtich, and a couple Gigabit ethernet cards. I burned gPXE into a couple EPROMs and turned their old PIII and Duron systems into thin clients.
So far so good.
Now, I'm trying to set up a shared directory that two users in the same group can both read and write. Let's call it "/home/shared". I want to set UMASK to 007, so that by default, files are created readable and writable by user and group, with no permissions for anybody else. I changed a line in "/etc/profile" from "umask 022" to "umask 007". After rebooting the app server, the umask does appear to be 007 when you log in at the console. However, it doesn't seem to affect the terminals.
So I figured I needed to change it in "/opt/ltsp/i386/etc/profile". vi helped me out with that. Didn't make a difference in the terminals. Ok, I need to rebuild the image, so I did an "ltsp-update-image" and rebooted the terminal. umask is still 022. ???
I changed UMASK in "/opt/ltsp/i386/etc/login.defs" and rebuilt the image. No change. ??? I really don't understand why this isn't working.
How can I change the UMASK for users who log in on an LTSP terminal?
I'm struggling to understand an aspect of mounting and mountpoints with /etc/fstab. There is a large number of sites and threads that make recommendations using things like uid, gid, umask, and other options. These methods, however, which I've used, are file-system specific, useful only for filesystems such as (V)FAT and NTFS that allow them.My current situation is that I am mounting partition /dev/sdb5 in, let's call it /media/myMount. My goals:Mount this partition automatically upon boot using /etc/fstab...The partition should be fully accessible only to a specific user or group.What I've done is create the mount point in /media:
If user michapma were to carry out the mount, I believe it would work; however, I want the mount to happen automatically during boot. So, how can I achieve my user (or group) permission goals for this and any other such partitions using fstab?The manpage for mount has been helpful, but after reading many tutorials and forum threads, the only way I know how to do it is to have the user do the mounting or rely on the file-system specific options.
To create a daemon, you need to execute these 2 lines (among others):Code: init log
umask 0 What do each of these do?I didn't find anything on the 1st line. (The queries returned mostly "the log of the init (process)".)Google cast some light on the 2nd line: By setting the umask to 0, we will have full access to the files generated by the daemon. Even if you aren't planning on using any files, it is a good idea to set the umask here anyway, just in case you will be accessing files on the filesystem.
My Debian system has by default umask permissions of 0022, which I never liked. One user can read all the files of another seems very insecure to me.
I am planing to set it to 007, so that user and group have rw but all others have none.
Are there any side effects to that? I have noticed from a trial I did where I was changing permissions on the filesystem that some system stuff in the OS does not work anymore, if "others" have no read permission anymore, so that is why I am asking.
And why are chmod / umask permissions sometimes stated as 4 digits? What is this "all" group in the end? Isn't that already covered by "others"?
I run a linux file server for my office and we user SFTP for remote partners to login and download files. Is there a way to see if there are any active connections or logins so I can know when it is safe to perform maintenance on the machine?
Since the machine is almost constantly serving large files, scheduled maintenance is often bumped off due to someone either upload
Well I want my sendmail to pipe all users' incoming emails to /dev/null ... I just don't want to accept emails. Every user that exist on the system currently or will be made in future, I want their incoming emails to them to be piped to /dev/null .... I just want those users to be able to send emails.
View 1 Replies View RelatedI've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. How can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
I'm using Ubuntu Server 10.04 and I'm also using OpenSSH 5.3. I have SFTP-only users in a chrooted environment. Users are able to login, change directories, upload and download files, but as soon they attempt to give the 'ls' or any list directory. the server disconnects.
View 1 Replies View RelatedI want to allow users to user sftp to upload and download files frome one folder, as you know this uses ssh, my question is if i create user to access linux serverthrough ftpd they will be able to browse the root directry, can I create users and ristrict them to only specific directory?
View 1 Replies View RelatedI have an ftp server and normal login works fine as well as ftps but for some reason sftp sends all my accounts to the root directory of the entire server (not good). Been searching around but can't find a fix.
View 6 Replies View RelatedUsing CentOS 5.5. I have a handful of users that I need to have connect to my server via sftp and start in the same directory. for example, user1, user2, user3, etc.. will connect via sftp and upon connection will all be in the /some/dir/path/ftp-root directory.I know one way is to create these users all with the same 'home' directory, since by default a user starts in their home directory when connecting via sftp, but before just doing that, I wanted to find out if that is really the appropriate method to use? alternatives? Is there some setting on the sftp server end that could direct all users to one starting directory so that these users don't have to have the same 'home' dir? I'm using the sshd daemon that comes with CentOS 5.5 (with all current updates/patches)
View 4 Replies View RelatedI have configured the SFTP Jail for some of the users in my sftp server and which is hosted for my clients.i have one small issues and i need the help from experts. e /../jajil/etc/shadow file. can you please help me how to update the password in /../jail/etc/shadow file instead of updating in /etc/shadow file.
View 3 Replies View RelatedI've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
I see this questioned asked a lot and figured this tutorialThis tutorial explains how to create an SFTP server which confines (or chroot) users to their own home directory and deny them shell access.
View 1 Replies View RelatedI am currently running Ubuntu Server 9.10 as an FTP server. It has become a necessity to allow users access via SSH terminal or sftp via WinSCP. I need to be able to monitor what users are doing at any given time and be able to pull up each users activity history. Essentially I need to be able to pinpoint who modified a file at what time. Also what is the best method to monitor things like nmap probes?
View 1 Replies View RelatedI have configured rssh 2.3 with openssh 5.8 on RHEL 5.6 64 bit to restrict the users to scp and sftp. When i try to sftp or scp it gives error connection closed. After long googling tried different solutions like add missing libraries, setuid to rssh_helper. I had full copy of /lib to /chroot/lib and /chroot/lib64 but no success. conf and log files are below for reference.
[Code]...
Not sure if this is the right place to ask this question. In Solaris we have umask (shell builtin) and /usr/bin/umask. However I could not find /usr/bin/umask in Linux.
I want to know the difference between both and how can we achieve the functionality of /usr/bin/umask in Linux as its not there...
I want to make a webserver with multiple users allowed to login through SFTP to a specific folder, www.Multiple users are added, lets say user1 and user2, and all of them belonging to the www-data group. The www directory has an owner www-data and a group www-data.
I have used chmod -R 775 on the www folder, but after I try to create a folder test through my SFTP server (using Filezilla) the group of the directory created has only r and x permissions, and I am not able to log in with the second user user2 and create a directory within www/test due to a lack of w permission to the group.
I also tried using chmod 2775 on www directory, but without luck. Can somebody explain to me, how can I make it so that a newly created directory inherits the root directory group permissions?
I have a custom PS1 that I would like to use for my user account however when I view my users .bashrc file, there is no line entry there for 'PS1='. Can someone please tell me if I have my own custom user PS1 line entry, where do I place it so I can have some extra function and colors in my RHEL 5 system.
View 4 Replies View RelatedRunning CentOS release 5.4
We currently run a web server that allows FTP connections. I want to:
1. Disable FTP on our web server and require sftp only.
2. See if we can create a table of sites that are allowed to connect to the web server using sftp. Or should I just do this at the firewall?
Is there a way that I can set a quota for all new users that get created? I want to limit the hard drive space they get. I don't want to have to keep setting each new users quota either.
I am running Ubuntu 10.4 LTS 64Bit
I am using Centos 5.4. sending e-mails through our network(LAN).i want to create a e mail address's for each user and wants to give facility to sending,viewing,replying & forwarding office e-mails
Note : we dont have a DNS server in our LAN.
What steps have to be followed for having customized contents of PATH environment variable whenever new users are created? I require this in order to include a special directory into PATH variable; and this has to be a default one for all the newly created users.
View 3 Replies View Relatedsetting up multiple (2-3) FTP users on Ubuntu Server 9.04 I currently only have ONE FTP user, but I need to have 2.
View 1 Replies View RelatedI just know it has to be possible to let two users (since I have two kids) share the same PC at the same time using a 2nd graphic card, two displays, two keyboards, two mice. I have seen one 10 year old "how to" which just didn't seem like it would fly with today's XFree/DBUS/all USB setups.
Does anyone know how to do this? I would like each user to see a log in screen and log into a GUI desktop (it doesn't have to be KDE, but that is what we have been using). The MB and the video card use the same type of GPU. The PC has a dual core AMD, and 4 GB of RAM, so the resources should be fine for school work, KDE Educational software/games. Other than squid, there isn't particular server running on it either, so resources should not be an issue.