Umask permission Settings article

Source: Internet
Author: User

Article source https://www.starduster.me/2014/12/29/use-umask-to-config-sftp-upload-files/

I recently ran into a small task: I needed to open up upload permissions on a site directory on the studio server so that a static site would be usable as soon as it was uploaded. The simplest idea I could think of was to create a new user, add it to the www-data group and set its login directory to the site directory, so that the site could be uploaded straight into place (this works as long as the sites are under the same domain name; otherwise the web server has to be configured as well). But files uploaded over SFTP came out with the default 755. With vsftpd the upload permissions could be controlled per user with local_umask, but the annoying hardware firewall had sealed off the FTP port, leaving only port 22. And although SFTP has "FTP" in its name, it is not controlled by vsftpd at all but by OpenSSH: SFTP has no dedicated daemon and no independent configuration file (a fact I only discovered after half a day chasing vsftpd-related problems, which left me dizzy).

Checking the OpenSSH configuration turned up nothing umask-related, so the only thing left to change was the bash environment configuration.

The login directory I had set in /etc/passwd is the site directory, and the system does not generate bash configuration files there automatically, so I created a .bash_profile by hand, put in the single line umask 002, and restarted sshd. To my surprise it had no effect: a file that was 777 before uploading was still 755 afterwards.
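The 777 to 755 and 666 to 664 results are plain bit arithmetic: the umask clears bits from the mode the creating program asks for (an SFTP upload asks for the mode the client sends, 777 in the case above; touch asks for 666, mkdir for 777). The following added example, written for this article rather than taken from the original post, shows the arithmetic in a function named apply_umask and then confirms it against real files created under a given umask (the helper names, the scratch directory and the stat fallback are this example's own choices).

```shell
#!/bin/sh
# Added example (not from the original post): how a umask turns the mode a
# program requests into the mode the file actually gets, and why umask 022
# yields 755/644 that the www-data group cannot write to, while umask 002
# yields 775/664 that it can.

# apply_umask <requested> <umask>: pure arithmetic on two octal strings,
# e.g. apply_umask 777 022 -> 755, apply_umask 666 002 -> 664.
apply_umask() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# group_writable <mode>: succeed when the group write bit (020) is set,
# i.e. when a fellow member of the directory's group could modify the file.
group_writable() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

# created_mode <umask> <file|dir>: create a scratch file or directory under the
# given umask and report the mode the kernel actually assigned. The shell
# redirection requests 666 exactly as touch(1) does; mkdir requests 777.
created_mode() {
    scratch=$(mktemp -d)
    (
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$scratch/t"; else : > "$scratch/t"; fi
    )
    # GNU stat first, BSD/macOS stat as the fallback
    mode=$(stat -c '%a' "$scratch/t" 2>/dev/null || stat -f '%Lp' "$scratch/t")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
}

# Stand-alone run: the combinations that matter for the upload problem.
for pair in "777 022" "666 022" "777 002" "666 002"; do
    set -- $pair
    printf 'requested %s with umask %s -> %s\n' "$1" "$2" "$(apply_umask "$1" "$2")"
done
printf 'file created under umask 002 gets %s\n' "$(created_mode 002 file)"
```

Note that a umask can only remove permission bits, never add them: a client that uploads a file with mode 600 will still get 600 regardless of the umask, so a group-writable site directory additionally depends on the uploading client requesting a group-writable mode.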

Thinking about it, bash seems to have more than one configuration file, so perhaps SFTP was reading a different one? I went to check how bash is configured and was shocked by how many details I had never noticed before. The biggest one is the difference between the login shell and the non-login shell:

Definitions:
Login shell: a bash obtained through a full login process.
Non-login shell: a bash obtained without going through the login process again.

The biggest difference between the login shell and the non-login shell is which configuration files they read their environment variables from. When the system starts, or when you log in from a new terminal, the system handles the login by calling the /bin/login program and then shows a command prompt in a shell. That shell is the login shell; it can be bash, sh or csh, and which one is used is set in /etc/passwd (the /bin/login program reads that file to decide which shell to use).

For example, logging in on tty1 to tty6 requires a user name and password, and the shell you get is a login shell; the shell started by an SSH login is also a login shell, as is the one you get when switching accounts with su -l.
When you log in to Linux with X Window and start a virtual terminal from the graphical interface, no user name or password is needed, and that bash environment is a non-login shell. Likewise, running bash inside an existing bash to start a new shell asks for no user name or password, and the second bash is a non-login shell. Also, su executed without the -l parameter, and a new shell started with bash -c, are non-login shells.

So the shell used by an SSH login, and by an SFTP login, should be the login shell, and the bash configuration file should be set accordingly.

In the two ways of obtaining bash, the configuration files that are read are not the same.
The login shell actually reads these two settings:

  1. /etc/profile: this is the system-wide setting; you had better not modify this file;
  2. ~/.bash_profile or ~/.bash_login or ~/.profile: this is the user's setting; to change your own information, write it here.

/etc/profile is read only by the login shell, and every user is bound to read this profile when logging in to bash! So if you want to set the overall environment for all users, this is the file to change.
Similarly, /etc/profile calls external settings, and the information is called in sequence.

--From Brother Bird

In short, for the login shell the system reads only one file, /etc/profile, but the personal configuration such as ~/.bash_profile is called afterwards. The personal files are looked for in sequence, and only the first one found is read; the ones after it do not take effect. Bash reads so many configurations mainly for compatibility with other shells:

    1. ~/.bash_profile
    2. ~/.bash_login
    3. ~/.profile

And ~/.bash_profile calls ~/.bashrc, which means the login shell ends up reading ~/.bashrc too.

So what was the catch? After going round this big circle, what I had actually changed was my .bashrc!

For the non-login shell, only ~/.bashrc is read directly, but .bashrc calls /etc/bashrc (on Debian it is /etc/bash.bashrc).

And this /etc/bashrc has three main functions:

    1. Set the value of the umask according to the user's UID.
    2. Set PS1, that is, the content of the prompt, according to the user's UID.
    3. Call the contents of the /etc/profile.d/*.sh directory.

By the way, PS1 is an environment variable of the interactive shell that determines the style of the prompt.

Bash pulls in the personal configuration with the source command by default, so every time we modify a bash configuration file we can run the source command on it to bring the change into effect immediately.

For the difference between the login shell and the non-login shell there is an easy experiment: create a .bash_profile in your home directory, write umask 002 in it, save it and log in to the shell again, then create a new file and look at its attributes; then run bash to start a new shell, create another file and compare the attributes of the two.

    stardust@chaos:~$ touch 1                # create a new file 1
    stardust@chaos:~$ ls -al 1               # the attributes are 644 because the default umask is 022
    -rw-r--r-- 1 stardust stardust 0 Dec 29 16:50 1
    stardust@chaos:~$ bash                   # start a new shell the non-login way
    stardust@chaos:~$ touch 2
    stardust@chaos:~$ ls -al 2               # the permissions are 644 because nothing has been modified yet
    -rw-r--r-- 1 stardust stardust 0 Dec 29 16:50 2
    stardust@chaos:~$ nano ./.bash_profile   # edit .bash_profile
    stardust@chaos:~$ bash                   # start a new shell the non-login way
    stardust@chaos:~$ touch 3
    stardust@chaos:~$ ls -al 3               # still 644 because the non-login shell did not read .bash_profile
    -rw-r--r-- 1 stardust stardust 0 Dec 29 16:51 3
    stardust@chaos:~$ su -l stardust         # su with the -l parameter gives a login shell
    Password:
    stardust@chaos:~$ touch 4
    stardust@chaos:~$ ls -al 4               # the permissions have become 664, the custom umask takes effect
    -rw-rw-r-- 1 stardust stardust 0 Dec 29 16:51 4

For more tests on the login shell, see "Login-shell and non login-shell difference" and the "Bash Profile Experiment report".

I wanted to verify these loading sequences with a simple test of my own but did not succeed, so I can only point to someone else's verification: Understanding BASHRC and Profile.

An additional section of the bash man page explains these configuration files:

    /etc/profile
        The systemwide initialization file, executed for login shells
    ~/.bash_profile
        The personal initialization file, executed for login shells
    ~/.bashrc
        The individual per-interactive-shell startup file

Finally, I manually created a .bashrc in the login directory set in /etc/passwd and added the line umask 002, which achieved the goal.

