1584 – umask setting in sshd

Bug 1584 - umask setting in sshd

Summary: umask setting in sshd

Status:	CLOSED WONTFIX

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	5.2p1
Hardware:	All All

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-04-02 18:50 AEDT by Leo Baltus
Modified:	2010-04-16 15:51 AEST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Leo Baltus 2009-04-02 18:50:59 AEDT

We just upgraded from openssh-5.0p1 to openssh-5.2p1 (linux) to find out 
that sshd changes its umask to drop group-write permissions.

We deliberatly set umask 002 prior to starting sshd to allow group-writeable files to be created.

I am not sure why this is done, but it breaks our setup and also breaks expected behaviour. Also I could not find any discussion on the list in the months leading up to this change, it only seems to be documented in the ChangeLog:

20080615
[...]
   - dtucker@cvs.openbsd.org 2008/06/14 17:07:11
     [sshd.c]
     ensure default umask disallows at least group and world write; ok djm@
 
The packaged opensshd.init.in also assumes umask can be set prior to starting sshd.

Therefor I propose to either undo this change (patch), or make it configurable in sshd_config.

Comment 1 Damien Miller 2009-07-31 11:53:18 AEST

What behaviour are you are expecting and what is this breaking for you?

Comment 2 Leo Baltus 2009-07-31 17:29:12 AEST

Hi Damien,

I am expecting to either have a umask setting in the configuration file, or, even better, to not change the umask so sshd will use the umask from the session that started it.

On certain uploadservers we would like users to have a umask 002 by default. so that uploaded files from, say, windows will have group write permission. These users are often collaborating with others and have no clue about permissions.

The current behaviour is a hard change in the software and no means to change it in configuration, that's an unfortunate combination.

Comment 3 Darren Tucker 2009-08-20 23:24:50 AEST

(In reply to comment #2)
> On certain uploadservers we would like users to have a umask 002 by
> default. so that uploaded files from, say, windows will have group
> write permission. These users are often collaborating with others and
> have no clue about permissions.

So you're talking about the umask of the eventual user's shell?  or an sftp-only session?  Can you set it in whatever shell startup you have?

The reason for the change was that the sshd server itself could also create world writeable files when started with a permissive umask (eg the sshd.pid file).

If it is sftp and you're using the external sftp server you could work around it by pointing "Subsystem sftp" in sshd_config to a shell wrapper that just sets the umask and execs the real sftp-server.

Comment 4 Leo Baltus 2009-08-26 01:25:25 AEST

I am talking about both shell and sftp sessions.

If a permissive umask would result in a writable pid file, then I feel the problem is with the umask and not with opensshd.

Comment 5 Damien Miller 2009-10-06 15:12:57 AEDT

OpenSSH 5.4 will include an option to set an explicit umask for sftp sessions and there are a number of ways that a user may control their umask for shell/scp sessions (shell init files, PAM, etc.) We really don't want sshd to run with a loose or non-deterministic umask, so I think this bug can be closed.

Comment 6 Damien Miller 2010-04-16 15:51:16 AEST

Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1