Re: [Gnu-arch-users] wiki update: conditionalized startup scripts over s

From: John Kinson
Subject: Re: [Gnu-arch-users] wiki update: conditionalized startup scripts over ssh
Date: Mon, 20 Sep 2004 13:17:11 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7) Gecko/20040616

Apologies for dragging this up again, but I've been unable to get the multiple ssh keys in conjunction with the ssh environment/rc approach to set a group-write umask as described in

I can successfully set a unique environment variable and test for this in the .ssh/rc file, but any changes to the umask don't persist beyond the .ssh/rc file invocation, for both sftp and ssh access.

Has anyone actually succeeded with this technique for real, or are Andrew's suggestions hypothetical?

Here's how I've configured my client and server:

Local .ssh/config file contains:

    Host arch-shared
            Hostname RealServerHostname
            IdentityFile ~/.ssh/id_rsa-shared

Server .ssh/authorized_keys file contains:

    environment="VC=arch-shared" ssh-rsa ... address@hidden

Server .ssh/rc file contains the following (I've included my debug code here too):

    echo Umask at start of .ssh/rc
    echo Exporting SSHRC env var
    export SSHRC

    if [[ ${VC:-} = *-shared ]]
    then
        echo Setting umask for shared VC environment
        umask 0007
    else
        echo Not setting umask - not a shared VC environment
    fi

When I ssh to arch-shared, the .ssh/rc file correctly sets the umask, but when I display the umask at the start of my .bash_profile (and /etc/bashrc), the umask has been reset to 0022. I've checked that no other initialization scripts such as /etc/profile have intervened. The test environment variable I export from .ssh/rc is unavailable too.

To me it would look like .ssh/rc is invoked as a separate subshell, in which case any umask (or environment variable) changes will not propagate to the invoking ssh/sftp session. Am I right?

Can anyone point out where I've gone wrong, or suggest an alternative? Patching sshd, or using a single account with multiple keys is not acceptable. I tried using the 'command="umask 0007"' prefix in authorized_keys instead of the 'environment' prefix, but that just runs the single command then closes the connection, which is of no use...



Robert Anderson wrote:

I dug up asuffield's instructions for how to conditionalize
startup scripts when invoked through tla sftp sessions.

It appears to be a very nice solution to the problem I complained
about yesterday, if one is only concerned about usage through sftp.

This solution should be documented more formally, IMO.  To assume
that any arch user should be able to figure this out on his own
without a significant time investment is totally absurd.


If technology doesn't seem like magic,
it's probably obsolete.
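The behaviour asked about above, as an added example that is not part of the original post: sshd runs `~/.ssh/rc` in its own `/bin/sh` process, so a umask set there ends with that process, whereas a forced-command wrapper that sets the umask and then `exec`s the requested command keeps it for the whole session. The function names and the wrapper approach are assumptions for illustration; the wrapper would be installed as a script and named in the `command="..."` option of the key that already carries `environment="VC=arch-shared"`.

```shell
#!/bin/sh
# Added illustration; rc_style and session_wrapper are hypothetical names.

# What the rc approach amounts to: the umask is changed in one child
# process, and a later process (standing in for the login shell or
# sftp-server) is started separately and never sees the change.
rc_style() {
    sh -c 'umask 0007'   # stands in for "/bin/sh ~/.ssh/rc"
    sh -c 'umask'        # stands in for the session started afterwards
}

# Forced-command wrapper: the umask is set in the process that then
# becomes the session, so it is inherited. The body runs in a subshell
# here only so that the function can be called more than once; in a
# real wrapper script the body would be the whole script.
session_wrapper() (
    case "${VC:-}" in
        *-shared) umask 0007 ;;   # group-writable for shared archives
    esac
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        # sshd puts the command the client asked for in this variable
        # when a forced command is configured. How an sftp request
        # appears here depends on the server's Subsystem setting
        # (assumption: it is an external command such as sftp-server).
        exec sh -c "$SSH_ORIGINAL_COMMAND"
    else
        # No command requested: interactive login, start the user's shell.
        exec "${SHELL:-/bin/sh}" -l
    fi
)
```

Unlike `command="umask 0007"`, which runs that one command and exits, the wrapper ends by replacing itself with the requested command or a login shell, so the connection stays usable.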
