Permissions issue

bitlord · March 7, 2013, 11:21am

Hello,
I'm having an issue with a directory that is used to forward Windows logs. I have a user account on Windows servers that uses SCP to put logs on my Solaris 10 server. A appliance called LogLogic then takes the logs from my server and stores them. I need to have have group read so the LogLogic appliance can pull the logs.

The directory is /loglogic. Then each windows server puts it's logs into a directory with the same name as it has.
Example:

cd /loglogic
ls -l
drwxr-x--- 1 winaccout loglogic 6 Mar 7  10:56 wina
drwxr-x--- 4 winaccout loglogic 6 Mar 7  10:56 winb
drwxr-x--- 2 winaccout loglogic 6 Mar 7  10:56 winc

I have tried to use umask to set the permissions but it is not working. I have also add a umask statement in the .profile file.

umask 
0037
touch ju;ls -l ju
-rw-r----- 1 winaccout loglogic 0 Mar 7  10:56 ju

I was expecting 740. I also tried umask u=rwx,g=r,o= and this didn't work ether.
I have also tested with scp.

scp  file  winaccount@solaris:/loglogic:/loglogic/wina/
ls -l /loglogic:/loglogic/wina/file
-rw------  1 winaccout loglogic 6 Mar 7  10:56 file

It looks like there is a setting for ssh I also need to worry about.

Can you give me a hand?

Corona688 · March 7, 2013, 11:35am

Anything that's not an actual shell login does not use the shell script ~/.profile.

sshd does have its own additional file, ~/.ssh/environment, in which you can put umask=022 or what have you. You must have

PermitUserEnvironment yes

in your sshd_config for it to use this file.

bitlord · March 7, 2013, 12:17pm

The user has nothing in the .ssh directory but the authorized_keys2 file.

you want me to add the
PermitUserEnvironment yesto /etc/ssh/sshd_config ?

I add the line to that file and it still only comes over as -rw-------

Corona688 · March 7, 2013, 12:19pm

Yes, though there may be a PermitUserEnvironment no in there already.

Then restart or reload sshd so the new settings take effect.

ssh should thereafter attempt to load the optional ~/.ssh/environment file when users scp, which would allow you to specify umask=022 in their ~/.ssh/environment file.

bitlord · March 7, 2013, 12:54pm

there was not any
PermitUserEnvironment
I have restarted the ssh
I will create ~/.ssh/environment

---------- Post updated at 12:54 PM ---------- Previous update was at 12:37 PM ----------

Ok
I have add "PermitUserEnvironment yes" to /etc/ssh/sshd_config

I have add umask=022 to ~/.ssh/environment

I then restarted ssh on the zone.

Thanks for your help so far.

Corona688 · March 7, 2013, 1:08pm

Does the problem persist?

bitlord · March 8, 2013, 8:52am

Yes I even got my 2 co-works looking at it as well and we don't seem to be making any headway.

---------- Post updated 03-08-13 at 08:52 AM ---------- Previous update was 03-07-13 at 01:33 PM ----------

Update,
I was not able to get the umask to work for me so I wrote a script and added it to the crontab.
Here it is :

2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38 * * * * chmod -R 750 /loglogic/ > /dev/null 2>&1
40,42,44,46,48,50,52,54,56,58 * * * * chmod -R 750 /loglogic/ > /dev/null 2>&1

prashant2507198 · March 9, 2013, 10:39am

Well, script you used that is also a solution but its temporary just to achieve what you want. I am also amazed why above solutions are not working.

bitlord · March 11, 2013, 9:39am

I was also surprised as well. Until I find a better way the script will have to do.