  1. #1
    Member
    Join Date
    Apr 2010
    Posts
    12

    SFTP/FTPS and permissions

    I'm currently running php with suphp, and generally I'm very happy about it, but due to security concerns, I'm trying to tighten the security of the client/server connections, I've tried both SFTP and FTPS, but
    • SFTP: When I connect with SFTP instead of landing in /home/username I land in /, that's more of a nuisance than anything else, but it'd be nice to have a fix for it. Plus all the newly created files have 0666 permissions (dirs are 0777)
    • FTPS: Works like a charm if I set it as Explicit, but new files are 0664 and new folders are 0775.

    Now, the problem lies in the fact that suphp kinda doesn't want files to have permissions higher than 0644 (0755 for folders), is there a way to configure this setting in a clean way? Would it be possible for you people to implement such a configuration natively in the next updates (so ppl that use suphp don't have to do it manually on each server)?

    I forgot to mention I'm running Pure-FTPd, dunno if the other daemon is better for this.

  2. #2
    Member
    Join Date
    Apr 2010
    Posts
    12

    Re: SFTP/FTPS and permissions

    For SFTP I've been able to fix it on some clients, but for some reason there's this line in /etc/bashrc
    Code:
    if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
            umask 002
    else
            umask 022
    fi
    setting umask to 002 for normal users, meaning that the aforementioned problem with FTPS occurs. Any reason why this should be happening?

  3. #3
    cPanel Product Evangelist Infopro's Avatar
    Join Date
    May 2003
    Location
    Pennsylvania
    Posts
    7,891
    cPanel/Enkompass Access Level

    Root Administrator

    Re: SFTP/FTPS and permissions

    Quote: Originally posted by Daniele.Gri
    I'm currently running php with suphp, and generally I'm very happy about it, but due to security concerns, I'm trying to tighten the security of the client/server connections, I've tried both SFTP and FTPS, but
    • SFTP: When I connect with SFTP instead of landing in /home/username I land in /, that's more of a nuisance than anything else, but it'd be nice to have a fix for it. Plus all the newly created files have 0666 permissions (dirs are 0777)
    • FTPS: Works like a charm if I set it as Explicit, but new files are 0664 and new folders are 0775.

    Now, the problem lies in the fact that suphp kinda doesn't want files to have permissions higher than 0644 (0755 for folders), is there a way to configure this setting in a clean way? Would it be possible for you people to implement such a configuration natively in the next updates (so ppl that use suphp don't have to do it manually on each server)?

    I forgot to mention I'm running Pure-FTPd, dunno if the other daemon is better for this.

    When you connect via SFTP, who are you logging in as?

  4. #4
    cPanel Staff cPanelTristan's Avatar
    Join Date
    Oct 2010
    Location
    somewhere over the rainbow
    Posts
    6,304
    cPanel/Enkompass Access Level

    Root Administrator

    Re: SFTP/FTPS and permissions

    The lines in /etc/bashrc are not a default part of any CentOS installation:

    Code:
    root@host [~]# grep -i mask /etc/bashrc
    root@host [~]#
    These values were added by someone. You could try commenting them out otherwise to see the results, but they were not added by cPanel.

    I did find those lines in the csh files, but csh isn't the default shell on most systems:

    In /etc/csh.login file:

    Code:
    # Set umask consistently with bash for loginshells (csh.login sourced
    # after csh.cshrc unlike with bash profile/bashrc scripts and umask
    # might be modified in profile.d csh scripts)
    if ($?loginsh) then
      if ($uid > 99 && "`id -gn`" == "`id -un`") then
          umask 002
      else
          umask 022
      endif
    endif
    In /etc/csh.cshrc file:

    Code:
    # By default, we want this to get set.
    # Even for non-interactive, non-login shells.
    if ($uid > 99 && "`id -gn`" == "`id -un`") then
        umask 002
    else
        umask 022
    endif
    -- Tristan, Forums Technical Analyst, cPanel Tech Support
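
The modes reported in this thread follow directly from the umask in effect when the file is created. The script below is an added example, not code from any poster or from cPanel: it reproduces those modes and lists and tightens entries above the 0644/0755 limits given for suPHP. It assumes GNU `stat` (as on CentOS), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (CentOS, as discussed).
# Function names are hypothetical.

# Print the octal mode a new file or directory receives under a given umask.
# usage: mode_under_umask <umask> file|dir
mode_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c '%a' "$tmp/t"
        rm -rf "$tmp"
    )
}

# List files and directories under $1 that are group- or world-writable,
# i.e. above the 0644 / 0755 limits the thread gives for suPHP.
find_too_permissive() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Remove group and world write bits from the entries found above
# (0664 -> 0644, 0775 -> 0755, 0666 -> 0644, 0777 -> 0755).
tighten() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Show the umask values that appear in the thread.
for m in 000 002 022; do
    printf 'umask %s -> file %s, dir %s\n' "$m" \
        "$(mode_under_umask "$m" file)" "$(mode_under_umask "$m" dir)"
done
```

Run `find_too_permissive /home/username/public_html` first to review what would change before calling `tighten` on the same path.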