[Solved] 7340 directory permissions not inherited on external drive with sftp

Michael999

When I log in with a user whose homedir is on an external USB drive, via the console, directory permissions are inherited. So, for example, I can create: dir1/dir2. However, when I try to do this not via the console, but with an sftp client, I can't create "dir2" because directory permissions are not inherited.


By using the console all is fine:

Code:
root@fritz:/var# mkdir /var/media/ftp/uStor06/ext/ftp/test
root@fritz:/var# adduser -h /var/media/ftp/uStor06/ext/ftp/test test
Changing password for test
New password:
Bad password: too short
Retype password:
Password for test changed by root
root@fritz:/var# ls -ld /var/media/ftp/uStor06/ext/ftp/test
drwxr-sr-x    2 test     test          4096 Apr 30 00:51 /var/media/ftp/uStor06/ext/ftp/test
root@fritz:/var# login test
Password:
   __  _   __  __ ___ __
  |__ |_) |__ |__  |   /
  |   |\  |__ |__  |  /_

   The fun has just begun ...


BusyBox v1.18.4 (2011-04-26 18:53:42 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

-sh: /etc/init.d/rc.conf: line 4: can't create /var/env: Permission denied
rm: can't remove '/var/htmltext.db': Permission denied
ln: /var/htmltext.db: File exists
rm: can't remove '/var/TZ': Permission denied
ln: /var/TZ: File exists
test@fritz:~$ mkdir -p dir1/dir2
test@fritz:~$ ls -ld dir1
drwxrwsrwx    3 root     test          4096 Apr 30 00:53 dir1
test@fritz:~$ ls -ld dir1/dir2
drwxrwsrwx    2 root     test          4096 Apr 30 00:53 dir1/dir2

But when using an sftp client I can't create "dir2" and get a "permission denied". The console shows the directory permissions of "dir1" are different using an sftp client than when using the console:

Code:
test@fritz:~$ ls -ld dir1
drwxr-sr-x    2 root     test          4096 Apr 30 00:59 dir1

Is there some way to change the default umask when logging in with a user using an sftp client? I tried changing the default umask by setting it in "/etc/profile", but that didn't work.

Why can I create directories multiple levels deep using the console, but not using the dropbear sftp method?
 
Why are the uids/gids of your directories "root test" and not "test test"?

Regards
Oliver
 
I don't know why, homedir "test" is owned by "test":

Code:
root@fritz:/var/mod/root# ls -ld /var/media/ftp/uStor06/ext/ftp/test
drwxr-sr-x    3 test     test          4096 Apr 30 15:20 /var/media/ftp/uStor06/ext/ftp/test

However, as you said, directories created while logged in as test are owned by root.

How is this possible?
 
Have a look at your passwd and groups file?

Regards
Oliver
 
Seems ok, or am I missing something?

Code:
root@fritz:/var/mod/root# cat /etc/passwd
root:x:0:0:root:/mod/root:/bin/sh
nobody:x:100:1000:nobody:/home/nobody:/bin/false
ntp:x:101:1:NTP daemon:/home/ntp:/bin/false
openvpn:x:1000:1001:OpenVPN account:/home/openvpn:/bin/false
wwwrun:x:1001:1002:lighttpd account:/home/wwwrun:/bin/false
ftp:x:102:1:FTP account:/home/ftp:/bin/false
boxusr80:any:1080:0:box user:/home-not-used:/bin/sh
test:x:1003:1003:Linux User,,,:/var/media/ftp/uStor06/ext/ftp/test:/bin/sh

Code:
root@fritz:/var/mod/root# cat /etc/group
root:x:0:
users:x:1:ntp,ftp
nobody:x:1000:nobody
openvpn:x:1001:openvpn
wwwrun:x:1002:wwwrun
test:x:1003:
 
With the 7390 there are problems on ext2 disks when using Freetz ext2 modules. AVM's sources seem a bit out of date. But that does not seem to be the cause of your problem.

Perhaps you can tune the umask for the sftp connection?

Regards
Oliver
 
Thanks, that worked! I manually set the umask to 0002 when starting dropbear. How can I make it so the umask is set automatically for dropbear?
 
What's the default umask when you don't set it? How did you set it exactly? I searched dropbear and sftp (openssh-source) but didn't get it...

Regards
Oliver
 
I'm not sure how to get the umask of a running process in this case. On a regular Linux system I'd attach gdb and call the umask function, but I don't know how to do it in this environment.

I set it manually by:

Code:
umask 0002;dropbear -p [port]

I've read that on a regular linux system I could modify sshd_config and change the umask of the sftp subsystem like this:

Code:
Subsystem sftp /bin/sh -c 'umask 0002; /usr/libexec/openssh/sftp-server'

But how do I do that in freetz?
 
What is the default umask for your root? Does it differ for your test user? For me umask was set to 0022 on my box.

Regards
Oliver
 
For root and test the umask is 0022. 0022 doesn't allow me to create directories more than one level deep with sftp. It will allow me to do that with a umask of 0002.
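The umask finding above, reproduced as an added example (not part of any poster's message and not Freetz or dropbear code): it creates a directory under each umask in a scratch directory and checks whether a group member who is not the owner, like user "test" on the root:test directories in this thread, could create a subdirectory. The function names are hypothetical, and `proc_umask` assumes a kernel that exposes the `Umask:` field in `/proc/<pid>/status` (Linux 4.7 and later).

```shell
#!/bin/sh
# Added example, not from the thread. Works only inside a scratch directory.

# Print the permission string (e.g. drwxr-xr-x) of a directory created
# by a process whose umask is $1.
perms_under_umask() {
    (
        umask "$1"
        scratch=$(mktemp -d) || exit 1
        chmod g-s "$scratch"    # do not inherit setgid from the temp location
        mkdir "$scratch/dir1"
        ls -ld "$scratch/dir1" | cut -c1-10
        rm -rf "$scratch"
    )
}

# Succeed if a user who is in the directory's group but is not its owner
# may create entries in it: that needs group write plus search
# (x, or s when the setgid bit is also set).
group_member_can_create() {
    case "$1" in
        d????w[xs]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the umask of running process $1 as recorded in /proc.
# Prints nothing on kernels that do not expose the field.
proc_umask() {
    sed -n 's/^Umask:[[:space:]]*//p' "/proc/$1/status" 2>/dev/null
}

for mask in 0022 0002; do
    perms=$(perms_under_umask "$mask")
    if group_member_can_create "$perms"; then
        verdict="can"
    else
        verdict="cannot"
    fi
    echo "umask $mask -> $perms: group member $verdict create a subdirectory"
done
```

The same pattern check applies to the listings posted earlier: `drwxr-sr-x` (the sftp case) has no group write bit, while `drwxrwsrwx` (the console case) does.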
 
Sure? I created two directories with a standard linux. test is created with umask set to 0022 and test2 with umask 0077.
Code:
drwxr-xr-x 2 oliver oliver 4096 2011-04-30 18:53 test
drwx------ 2 oliver oliver 4096 2011-04-30 18:53 test2
Regards
Oliver

edit: ah, but the g+w and o+w are missing

Okay, now we are back at the question "Why are your directories created as user root...". Can you please create a directory under /var. Does this happen there too?
 
Code:
test@fritz:~$ mkdir /var/media/ftp/uStor06/ext/ftp/test/dir1
test@fritz:~$ ls -ld dir1
drwxr-sr-x    2 root     test          4096 Apr 30 19:35 dir1

Code:
test@fritz:~$ mkdir /var/test
mkdir: can't create directory '/var/test': Permission denied
 
Please show your permissions of /var directory?
 
Code:
root@fritz:/var/mod/root# ls -ld /var
drwxr-xr-x   18 root     root           800 Apr 30 21:28 /var
 
Is it the same for /var/tmp? I don't have access to a box right now so I can't test...
 
It's different:

Code:
root@fritz:/var/mod/root# ls -ld /var/tmp
drwxrwxrwt    8 root     root          1060 Apr 30 21:56 /var/tmp
 
What happens if you create a directory there? permissions?
 
Code:
root@fritz:/var/mod/root# mkdir /var/tmp/test
root@fritz:/var/mod/root# ls -ld /var/tmp/test
drwxr-xr-x    2 root     root            40 Apr 30 22:19 /var/tmp/test
 
Use user test please. ;-)
 