I work under CentOS 7.
For some time, I have had a problem with the FTP /home/students directory, whose access rights (permissions) are set to 750. When I create a file as user students, the file access permission is 644 (read/write for the owner and read-only for other users). But when the students user receives files by SFTP (with authentication by SSH key), the permission of these files is 600.
Can the right of access (permission) be imposed by the one who uploads the file by SFTP?
How to make the default permission for files received by SFTP automatically 644?
Thank you
I think you should do something like this. Modify /etc/ssh/sshd_config:
Subsystem sftp internal-sftp -m 0644
Then you should reload the sshd configuration:
sudo systemctl reload sshd
As a web developer I always have the problem when updating PHP (and other) files from an SSH client, because I am logged in as a user or simply root.
After that update I always have to run manually from a terminal 'chown -R apache:apache *' to make the files accessible.
I tried to make a user ID and add it to the group 'apache' and add the apache user to the group of my user id. That works only for existing files on the server file system, because newly created files have permissions rwxr--r-- which does not allow writing by my user even as it is in the 'apache' group.
I'd like to make a login (shell is not needed) for the Apache user, so I can use an SSH based file browser like Forklift to login as Apache or use sshfs to mount as Apache user.
Another way is to set a umask so that my user id always sets the attributes of newly created files from an sshfs mount or a file browser (mounted with my user id, not root) so that they have permission rwxrwxr-- (i.e. 0775) by default.
Is there a way I can upload files to the server (updating existing or creating new ones) without having to worry about permissions for Apache?
You have to set the setgid
For example, do the following steps:
adduser hugo
addgroup apache
usermod -a -G apache hugo
mkdir /tmp/example
chown hugo:apache /tmp/example
chmod g+s /tmp/example
su hugo
cd /tmp/example
touch my_file
ls -l
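The following is an added example, not part of the original answer. It uses a throwaway directory (the names `site`, `a.php`, `b.php` and `sub` are made up) to show that the setgid bit makes new entries inherit the directory's group, while the creating process's umask decides whether the group can write to them.

```shell
#!/bin/sh
# Added example: what setgid fixes (group ownership) and what only the
# umask fixes (group write) for files created in a shared directory.

mode_of() { stat -c '%a' "$1"; }    # GNU stat: octal mode, e.g. 2775

# make_shared_dir DIR: directory whose new entries inherit DIR's group.
make_shared_dir() {
    mkdir -p "$1" && chmod 2775 "$1"    # 2 = setgid, 775 = rwxrwxr-x
}

# create_with_umask UMASK PATH: create PATH the way a process with that
# umask would (in a subshell, so the caller's umask is untouched) and
# print the resulting mode.
create_with_umask() {
    ( umask "$1" && : > "$2" ) && mode_of "$2"
}

# Constructed walk-through on a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    make_shared_dir "$d/site"
    echo "shared dir:   $(mode_of "$d/site")"
    echo "umask 022 ->  $(create_with_umask 022 "$d/site/a.php") (group cannot write)"
    echo "umask 002 ->  $(create_with_umask 002 "$d/site/b.php") (group can write)"
    ( umask 002 && mkdir "$d/site/sub" )
    echo "subdirectory: $(mode_of "$d/site/sub") (setgid inherited)"
    rm -rf "$d"
}
demo
```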
We have cloud virtual machines where we are able to log in using pem and ppk files through WinSCP & PuTTY. I am going to write a shell script program to log in to these machines. I tried something like this, but it did not work.
ssh -i ~/ec2.pem ubuntu@12.34.56.78
Permissions 0664 for '/home/cloud-user/house_keeping/conf/ecp.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/cloud-user/house_keeping/conf/ecp.pem
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
The problem is
Permissions 0664 for '/home/cloud-user/house_keeping/conf/ecp.pem' are too open.
The manual page for ssh explains the permissions that should be on the private keys:
These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute).
So you should change the permission to 0600 using
chmod 600 ~/ec2.pem
I am trying to transfer files to my Google Cloud hosted Linux (Debian) instance via secure copy (scp). I did exactly what the documentation said to connect from a local machine to the instance: https://cloud.google.com/compute/docs/instances/connecting-to-instance.
Created a SSH keygen
Added the keygen to my instance
I can login successfully by:
ssh -i ~/.ssh/my-keygen [USERNAME]@[IP]
But when I want to copy files to the instance I get a message "permission denied".
scp -r -i ~/.ssh/my-keygen /path/to/directory/ [USERNAME]@[IP]:/var/www/html/
It looks like the user with which I login has no permissions to write files, so I already tried to change the file permissions of /var/www/, but this still gives the permission denied message.
I also tried to add the user to the root group, but this still gives the same problem.
usermod -G root myuser
The command line should be
scp -r -i ~/.ssh/my-keygen /path/to/directory/ [USERNAME]@[IP]:/var/www/html/
Assuming your files are in the local /path/to/directory/ and the /var/www/html/ is on the remote server.
The permissions do not allow writing to /var/www/html/. Writing to /tmp/ should work. Then you can copy the files with sudo to the desired destination with root privileges.
If SSH isn't working, install gcloud CLI and run the following locally: gcloud compute scp --recurse /path/to/directory [IP] --tunnel-through-iap. This will dump the directory into your /home/[USERNAME]/ folder. Then log into the console and use sudo to move the directory to /var/www/html/.
For documentation, see https://cloud.google.com/sdk/gcloud/reference/compute/scp.
I am trying to connect to a remote server without a password, and I followed the instructions on this link exactly (http://kb.mediatemple.net/questions/1626/Using+SSH+keys+on+your+server). I also checked the sshd_config file:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
However, I still get a password prompt when I try to log in.
Any help?
Check for your ~/.ssh directory and/or id_rsa/id_dsa file permissions.
Your ~/.ssh directory should be 700 and your private key files should be 600.
The security log on your system (e.g. /var/log/secure) will often help you in determining what it objects to in using your keys. Please check that log for some clues.
This is a simple problem due to the ~/.ssh/authorized_keys file permission. By default the mode will be set to 664 when you create the file manually. Change the mode to 600 and you can log in without a password.
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
Now try ssh into the server
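The following is an added example, not from any of the posts above. It audits an SSH directory against the modes the answers recommend (700 for the directory, 600 for private keys and authorized_keys), which covers both the "too open" private key case and the authorized_keys case. The function names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag SSH files whose modes are wider than the answers
# above recommend, and print the chmod that fixes each one.

# too_open PATH ALLOWED: succeeds when PATH has a permission bit outside
# ALLOWED (octal, e.g. 600). Uses GNU stat, as shipped on CentOS/Debian.
too_open() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]
}

# audit_ssh_dir DIR: print one chmod fix per problem; return 1 if any found.
audit_ssh_dir() {
    found=0
    if too_open "$1" 700; then
        echo "chmod 700 $1"; found=1
    fi
    for f in "$1"/authorized_keys "$1"/id_* "$1"/*.pem; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac    # public halves may be readable
        if too_open "$f" 600; then
            echo "chmod 600 $f"; found=1
        fi
    done
    return "$found"
}

# Constructed sample reproducing the 0664 key from the question above.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" && chmod 755 "$d/.ssh"
    : > "$d/.ssh/ec2.pem";         chmod 664 "$d/.ssh/ec2.pem"
    : > "$d/.ssh/authorized_keys"; chmod 600 "$d/.ssh/authorized_keys"
    audit_ssh_dir "$d/.ssh"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "problems found in the constructed sample"
```

On a real account, call `audit_ssh_dir "$HOME/.ssh"` and compare the result with what /var/log/secure reports.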
I've run visudo and added my username to the list to be able to do whatever I need to rather than logging in as root user.
I have my svn push out files through ftp as user www-data, and therefore when I try to cd into those directories, I get permission denied.
Any thoughts? Can I add my username to some config file somewhere to have access to all files?
When you use sudo, you are running as the root user, but only for that particular command. I think the easiest thing to do would be to ensure that you and www-data are in the same group, and set the group permissions accordingly. (e.g., chmod 775 yourdir)