SFTP/FTPS and permissions

Discussion in 'Security' started by Daniele.Gri, Jun 16, 2011.

  1. Daniele.Gri

    Daniele.Gri Member

    I'm currently running PHP with suPHP, and generally I'm very happy about it, but due to security concerns I'm trying to tighten the security of the client/server connections. I've tried both SFTP and FTPS, but:

    • SFTP: When I connect with SFTP, instead of landing in /home/username I land in /. That's more of a nuisance than anything else, but it'd be nice to have a fix for it. Plus, all the newly created files have 0666 permissions (dirs are 0777).
    • FTPS: Works like a charm if I set it as Explicit, but new files are 0664 and new folders are 0775.

    Now, the problem lies in the fact that suPHP kinda doesn't want files to have permissions higher than 0644 (0755 for folders). Is there a way to configure this setting in a clean way? Would it be possible for you people to implement such a configuration natively in the next updates (so ppl that use suPHP don't have to do it manually on each server)?

    I forgot to mention I'm running Pure-FTPd, dunno if the other daemon is better for this.
     
  2. Daniele.Gri

    Daniele.Gri Member

    For SFTP I've been able to fix it on some clients, but for some reason there's this line in /etc/bashrc
    Code:
    if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
            umask 002
    else
            umask 022
    fi
    
    setting umask to 002 for normal users, meaning that the aforementioned problem with FTPS occurs. Any reason why this should be happening?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    When you connect via SFTP who are you logging in as?
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    The lines in /etc/bashrc are not a default part of any CentOS installation:

    Code:
    root@host [~]# grep -i mask /etc/bashrc
    root@host [~]#

    These values were added by someone. You could try commenting them out otherwise to see the results, but they were not added by cPanel.

    I did find those lines in the csh files, but csh isn't the default shell on most systems:

    In /etc/csh.login file:

    Code:
    # Set umask consistently with bash for loginshells (csh.login sourced
    # after csh.cshrc unlike with bash profile/bashrc scripts and umask
    # might be modified in profile.d csh scripts)
    if ($?loginsh) then
      if ($uid > 99 && "`id -gn`" == "`id -un`") then
          umask 002
      else
          umask 022
      endif
    endif

    In /etc/csh.cshrc file:

    Code:
    # By default, we want this to get set.
    # Even for non-interactive, non-login shells.
    if ($uid > 99 && "`id -gn`" == "`id -un`") then
        umask 002
    else
        umask 022
    endif
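
The umask arithmetic behind the modes reported in this thread (0666/0777, 0664/0775, 0644/0755), together with a check for group- or world-writable entries, as an added example that is not part of the original posts. It assumes GNU stat (`stat -c`) and works only on constructed temporary directories; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (stat -c), as on CentOS.

# Print the octal mode a new file or directory gets under a given umask.
# Usage: mode_under_umask 002 file|dir
mode_under_umask() {
    tmp=$(mktemp -d) || return 1
    (
        umask "$1"                      # subshell: the caller's umask is untouched
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    )
    stat -c '%a' "$tmp/new"
    rm -rf "$tmp"
}

# List files and directories under DIR that are group- or world-writable,
# i.e. the bits that separate 0664/0775 from 0644/0755.
find_too_permissive() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Remove group/other write from everything find_too_permissive reports.
tighten() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# Demo on a constructed tree (stands in for an account's document root).
demo() {
    root=$(mktemp -d) || return 1
    ( umask 002; mkdir "$root/uploads"; : > "$root/uploads/a.php" )  # 0775/0664
    ( umask 022; : > "$root/index.php" )                              # 0644
    echo "before: $(find_too_permissive "$root" | wc -l) entries too permissive"
    tighten "$root"
    echo "after:  $(find_too_permissive "$root" | wc -l) entries too permissive"
    rm -rf "$root"
}

# umask 000 matches the SFTP modes in the first post, 002 the FTPS ones.
for m in 000 002 022; do
    echo "umask $m -> file $(mode_under_umask "$m" file), dir $(mode_under_umask "$m" dir)"
done
demo
```
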
     