Comments (11)
WinFsp 2018.1 B3 is out and includes create_umask
. Please try it out and report back.
from sshfs-win.
Ok, I will file an enhancement request for a create_umask
option in the WinFsp-FUSE layer and close this. I think other FUSE file systems could benefit from this feature.
from sshfs-win.
A fix for this has been included in WinFsp and will be available in the next beta (2018.1 B3).
from sshfs-win.
The umask
option under FUSE does not work like umask
under the normal UNIX prompt. Under FUSE if you set umask=022
you will get a file mode of 755
, regardless of what the original file mode is on the remote file system.
I understand that this is counter-intuitive. However I believe the WinFsp-FUSE (and consequently SSHFS-Win) implementation to be correct. Here is how LIBFUSE (the reference FUSE implementation) does it:
https://github.com/libfuse/libfuse/blob/fuse-2_9_bugfix/lib/fuse.c#L1386-L1388
from sshfs-win.
I didn't mean the permissions on the local system. On Windows those don't really make sense anyway. What I meant were the permissions on the remote system.
After playing around with the umask option, I realized that those "more or less" only affect the local permissions.
What I expect though, when mounting an SSHFS remote, is changing the permissions of files which I create.
For example, I mounted my remote and then I created a file. When I check the file on the remote machine, it always has permissions of 0700
. It is there on the remote though, where I would like directories to have 0755
and newly created files to have 0644
, when setting a umask of 0022
.
from sshfs-win.
I didn't mean the permissions on the local system. On Windows those don't really make sense anyway. What I meant were the permissions on the remote system.
Actually under WinFsp the permissions bits are honored to the extent that it is possible. There is a very elaborate scheme that maps POSIX permissions to Windows ACL's and vice-versa. It is by no means perfect or complete, but it works in many cases.
The scheme is compatible with the one used by Cygwin and Microsoft's Services For UNIX.
After playing around with the umask option, I realized that those "more or less" only affect the local permissions.
Correct.
In general I find little reason to use it with SSHFS unless I need to force permissions (as seen by the local OS) for some reason (e.g. to allow access to additional users).
What I expect though, when mounting an SSHFS remote, is changing the permissions of files which I create.
I believe that the umask for newly created files is controlled by the SFTP server and not the client. My understanding is that the client does not have the ability to send the umask on the SFTP server. See, for example, this (unaccepted) stackoverflow answer which describes how to set the umask on the server.
from sshfs-win.
I had a look at the stackoverflow article and tried the suggestions there without any effect. Then I went to the OpenSSH IRC channel and discussed this issue.
We tested a multitude of scenarios and also Linux sshfs/fuse and apparently the sshfs mount simply creates the file on the remote with the local (system-wide) umask. The same permission that a locally created file would have. Albeit with one exception - the other bit is always 0. Only user and group bits are used.
Here are a few examples to better clarify the behavior.
umask 022
touch file
ssh [email protected]
ls -l file
-rw-r----- 1 user user 0 Oct 5 00:00 file
umask 222
touch file
ssh [email protected]
ls -l file
-r--r----- 1 user user 0 Oct 5 00:00 file
umask 077
touch file
ssh [email protected]
ls -l file
-rw------- 1 user user 0 Oct 5 00:00 file
umask 077
mkdir testdir
ssh [email protected]
ls -l
drwx------ 1 user user 4.0K Oct 5 00:00 testdir
umask 022
mkdir testdir
ssh [email protected]
ls -l
drwxr-x--- 1 user user 4.0K Oct 5 00:00 testdir
As you can see from the examples, the behavior mirrors the local umask setting with execute bits for directories and no execute bits for files. The "other" bits are ignored (for whatever reason, we couldn't find out why. Maybe it has something to do with allow_other
).
Since Windows doesn't have this concept of umask and POSIX permissions though, I feel like SSHFS-Win will probably need to simulate the local umask.
SSHFS-Win would only result in 700
permission for both files and directories that are newly created.
from sshfs-win.
umask 022 touch file ssh [email protected] ls -l file -rw-r----- 1 user user 0 Oct 5 00:00 file
Looking at your example I am not sure I quite understand it. You set the umask, then touch the file and then list it. I am assuming that you are doing this on a (Linux?) SSHFS mount. But what is the ssh command doing in there?
I am looking into this more and I think it is normal Windows behavior:
-
On POSIX when a program creates a file it usually uses
0666
(orDEFFILEMODE
) and it relies on the umask to remove inappropriate bits. Hence you may get the usual0644
. -
On Windows when a program creates a file it usually uses the
NULL
(or default) security descriptor. This instructs the file system to use an ACL that only includes the file creator. When this gets translated into POSIX permissions you get0700
. Not much we can do about this other than create a new option in SSHFS that allows one to hardcode the "create" umask (i.e. what the FUSE umask option should probably have been in FUSE). Something along the lines of-o create_umask=022
. -
On Cygwin (where there is a concept of umask) this actually works the same way as in Linux:
billziss@windows:/cygdrive/y$ umask 0022 billziss@windows:/cygdrive/y$ echo hello>world billziss@windows:/cygdrive/y$ ls -l world -rw-r--r-- 1 billziss NETWORK SERVICE 6 Oct 5 14:57 world
from sshfs-win.
Looking at your example I am not sure I quite understand it. You set the umask, then touch the file and then list it. I am assuming that you are doing this on a (Linux?) SSHFS mount. But what is the ssh command doing in there?
Yes, it's on Linux. umask
is on the local machine inside the root path of the sshfs mount. Then touch
a file or mkdir
. Then ssh
into the remote machine and ls -l
to check the permissions on the remote machine.
Not much we can do about this other than create a new option in SSHFS that allows one to hardcode the "create" umask.
Yes, I thought the same. It's simply an "incompatibility" between POSIX and Windows. The only other option would be to hijack Cygwin's umask, but I think that will be much more complicated and only lead to confusion and complexity.
from sshfs-win.
Hello Bill,
I am having the same issue as described above. I have umask set on the server. And when i Have the clients mounted through the ssh commands. Any file or folder they create is creating as 700. So then when someone else tries to access it they can not. I can of course go back to the server and chmod 777 the trouble directories but I am under the impression when the mount happens it should at the very least assume the global umask security settings. Unless I am way off base and each user has its own umask settings set somewhere. I am using linux centos 6 server and various windows client machines.
Thank you in advance.
from sshfs-win.
My apologies. This has fallen off my radar. I just added a new issue in WinFsp to track it and will close this.
from sshfs-win.
Related Issues (20)
- Complain about the painful prefix setting HOT 1
- Async fs?
- How can i change a sshfs mapped drive letter? HOT 1
- Problem with SSHFS to Couchdrop HOT 1
- Can not delete drive with net use <drive>: /d HOT 1
- Slow autocompletion in cygwin bash / enabling directory ls caching
- Errors running executables: 0x800704b3 and ShellExecuteExfailed; code1203
- Setup Instructions for noobs / SSH for dummies
- Offline files do not work
- using ssh private key to create connection doesnt happen by default HOT 1
- Can't connect to host HOT 1
- Unable to connect, unable to stop the attempt to connect, and unable to edit/modify connection params HOT 1
- How to prevent a connection timeout (solution for reference) HOT 4
- Impossible to connect - Connection reset by peer HOT 1
- The token '&&' is not a valid statement separator in this version.
- "sshfs" version is too old. Please update to at least version 3.5.2
- Can't open fonts under Windows 10
- Why are the symbols in `fuse3/fuse.h` prefixed with fuse3? HOT 1
- how to specify `ssh_command` in order to prevent it from reading ssh config?
- cannot track login/logout activities of ssh-win on server side
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sshfs-win.