Hello!
In effort to address at least one of my permission problems, I would be glad
to see a working solution for this kind of problem:
1. at sshd_config:
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /public
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
2. at client's bash:
sshfs server:/ /home/kr/krpub-mount -o "IdentityFile=/home/kr/.ssh/id_rsa" -o
uid=$(id -u kr) -o gid=$(id -g kr) -o allow_other -o default_permissions -o
reconnect -o no_check_root -o umask=0002
touch /home/kr/krpub-mount/writeable_dir/1
ls -la /home/kr/krpub-mount/writeable_dir/1
-rwxrwxr-x 1 kr kr 0 2009-06-12 08:51 krpub-mount/writeable_dir/1
3. at server:
ls -la /public/writeable_dir/1
-rw------- 1 kr kr 0 2009-06-12 08:51 1
Removing " -o umask=0002" just shows the actual, too strict permissions.
And here is the trouble. How can those permissions be controlled on server, if
internal-sftp is used with ChrootDirectory?
Please, this has been a problem way to long... If there was a way to set
minimum permissions in sshd_config for newly created files, it would have
been solved, at least in my case! There is a problem with konqueror, which is
eating up the group write bit, that way it could be solved...
Well, please don't hesitate, if you know some relevant solution!
k.
In effort to address at least one of my permission problems, I would be glad
to see a working solution for this kind of problem:
1. at sshd_config:
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /public
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
2. at client's bash:
sshfs server:/ /home/kr/krpub-mount -o "IdentityFile=/home/kr/.ssh/id_rsa" -o
uid=$(id -u kr) -o gid=$(id -g kr) -o allow_other -o default_permissions -o
reconnect -o no_check_root -o umask=0002
touch /home/kr/krpub-mount/writeable_dir/1
ls -la /home/kr/krpub-mount/writeable_dir/1
-rwxrwxr-x 1 kr kr 0 2009-06-12 08:51 krpub-mount/writeable_dir/1
3. at server:
ls -la /public/writeable_dir/1
-rw------- 1 kr kr 0 2009-06-12 08:51 1
Removing " -o umask=0002" just shows the actual, too strict permissions.
And here is the trouble. How can those permissions be controlled on server, if
internal-sftp is used with ChrootDirectory?
Please, this has been a problem way to long... If there was a way to set
minimum permissions in sshd_config for newly created files, it would have
been solved, at least in my case! There is a problem with konqueror, which is
eating up the group write bit, that way it could be solved...
Well, please don't hesitate, if you know some relevant solution!
k.