Hello,
I'm having an issue with a directory that is used to forward Windows logs. I have a user account on Windows servers that uses SCP to put logs on my Solaris 10 server. An appliance called LogLogic then takes the logs from my server and stores them. I need to have group read so the LogLogic appliance can pull the logs.
The directory is /loglogic. Then each Windows server puts its logs into a directory with the same name as it has.
Example:
cd /loglogic
ls -l
drwxr-x--- 1 winaccout loglogic 6 Mar 7 10:56 wina
drwxr-x--- 4 winaccout loglogic 6 Mar 7 10:56 winb
drwxr-x--- 2 winaccout loglogic 6 Mar 7 10:56 winc
I have tried to use umask to set the permissions but it is not working. I have also added a umask statement in the .profile file.
umask
0037
touch ju;ls -l ju
-rw-r----- 1 winaccout loglogic 0 Mar 7 10:56 ju
I was expecting 740. I also tried umask u=rwx,g=r,o= and this didn't work either.
I have also tested with scp.
scp file winaccount@solaris:/loglogic:/loglogic/wina/
ls -l /loglogic:/loglogic/wina/file
-rw------ 1 winaccout loglogic 6 Mar 7 10:56 file
It looks like there is a setting for ssh I also need to worry about.
Can you give me a hand?
Anything that's not an actual shell login does not use the shell script ~/.profile.
sshd does have its own additional file, ~/.ssh/environment, in which you can put umask=022
or what have you. You must have
PermitUserEnvironment yes
in your sshd_config for it to use this file.
The user has nothing in the .ssh directory but the authorized_keys2 file.
You want me to add
PermitUserEnvironment yes
to /etc/ssh/sshd_config?
I added the line to that file and it still only comes over as -rw-------
Yes, though there may be a PermitUserEnvironment no
in there already.
Then restart or reload sshd so the new settings take effect.
ssh should thereafter attempt to load the optional ~/.ssh/environment file when users scp, which would allow you to specify umask=022
in their ~/.ssh/environment file.
There was not any
PermitUserEnvironment
I have restarted the ssh
I will create ~/.ssh/environment
---------- Post updated at 12:54 PM ---------- Previous update was at 12:37 PM ----------
Ok
I have added "PermitUserEnvironment yes" to /etc/ssh/sshd_config
I have added umask=022 to ~/.ssh/environment
I then restarted ssh on the zone.
Thanks for your help so far.
Does the problem persist?
Yes, I even got my 2 co-workers looking at it as well and we don't seem to be making any headway.
---------- Post updated 03-08-13 at 08:52 AM ---------- Previous update was 03-07-13 at 01:33 PM ----------
Update,
I was not able to get the umask to work for me so I wrote a script and added it to the crontab.
Here it is :
2,4,6,8,10,12,14,16,18,20,22,24,26,28,30,32,34,36,38 * * * * chmod -R 750 /loglogic/ > /dev/null 2>&1
40,42,44,46,48,50,52,54,56,58 * * * * chmod -R 750 /loglogic/ > /dev/null 2>&1
Well, the script you used is also a solution, but it's temporary, just to achieve what you want. I am also amazed that the above solutions are not working.
I was also surprised as well. Until I find a better way the script will have to do.
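The cron workaround in this thread runs chmod -R 750, which also sets the execute bit on every log file. As an added example (not part of the thread), this sh function gives directories 750 and regular files 640, leaves symlink targets alone, and refuses unsafe root paths. The names fix_log_perms and mode_of are hypothetical; /loglogic is the path from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: the drop directory is /loglogic and its group (loglogic)
# only needs read access. fix_log_perms and mode_of are hypothetical names.

# Print the 10-character mode string of a path (e.g. drwxr-x---).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Set directories to 750 and regular files to 640 below an absolute path.
# Returns 2 on a rejected path, 1 if find/chmod fails, 0 on success.
fix_log_perms() {
    root=$1
    case $root in
        ''|/)
            echo "refusing to operate on '$root'" >&2
            return 2 ;;
        /*) ;;
        *)
            echo "path must be absolute: $root" >&2
            return 2 ;;
    esac
    # Do not start from a symlink: it could point outside the log tree.
    if [ -L "$root" ] || [ ! -d "$root" ]; then
        echo "not a real directory: $root" >&2
        return 2
    fi

    # find does not follow symlinks by default, and -type d / -type f skip
    # the links themselves, so files outside the tree are never touched.
    # "! -perm" limits chmod to entries whose mode is actually wrong.
    find "$root" -type d ! -perm 750 -exec chmod 750 {} + || return 1
    find "$root" -type f ! -perm 640 -exec chmod 640 {} + || return 1
    return 0
}

# Run only when a path is given on the command line,
# e.g. from cron: fix_log_perms.sh /loglogic
if [ $# -gt 0 ]; then
    fix_log_perms "$1"
fi
```

Regular files end up with the same mode that umask 0037 gives newly created files (0666 masked by 0037 is 0640), which matches the touch result shown in the first post.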