SFTP - Incorrect upload permissions
When uploading new files and directories to the server, via SFTP logged in as a normal cpanel user, on a brand-new server 'CENTOS 6.8 x86_64 standard WHM 58.0 (build 23)' it seems that default permissions are wrong. The original files/dirs are all 644/755. When I upload with my GUI client (Transmit on Mac) the directories are being made group writeable but the files are ok (644/775), causing problems with suphp of course. Anecdotally, I believe I have a client using WS-FTP Pro on Windows, where files and dirs are being made group writeable (664/775). I need to verify that again.
I did some searching and had a look at /etc/bashrc and it looks correct. I sure haven't touched it.
# By default, we want umask to get set. This sets it for non-login shell.
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi
Any suggestion where else I might look?
-
This is exactly what i did, but also in etc/bashc. It then worked fine. I was even having the problem without an ftp. For instance if i used the command wp core download. all files would be 664. After changing 002 to 022 in both these files, i was able to upload through ftp and through wp cli correctly.
rudtek thank you so much for the correct answer I have been banging y head against the wall for hours trying all the other suggestions on this forum and others. Changing both files was the only thing that worked. I am using coreftp and also WinSCP,so this is definately the correct answer anyone else should try first..0 -
Hello, A customer has just pointed out to me that files and folders uploaded through SFTP (only SFTP) get incorrect permissions (664 and 775) on a freshly installed cPanel server. I found this thread so I have modified /etc/profile and /etc/bashrc, I have restarted sshd but the problem continues. I have also tried adding -u 22 to Subsystem as pointed out earlier in the thread but in this case I can't even connect through SFTP. Can anyone help with a new functional workaround, or even better with a final solution? Thanks! 0 -
@AndyB78 - there's a few different workarounds posted in this thread: https://forums.cpanel.net/threads/files-and-folders-uploaded-by-sftp-have-incorrect-permissions.610095/ Can you try those and see if that gets things working? If not, it might be best to open a ticket with our team as it seems you've done a few things already to test this without getting positive results. 0 -
@AndyB78 - there's a few different workarounds posted in this thread: https://forums.cpanel.net/threads/files-and-folders-uploaded-by-sftp-have-incorrect-permissions.610095/ Can you try those and see if that gets things working? If not, it might be best to open a ticket with our team as it seems you've done a few things already to test this without getting positive results.
Reporting back. In my case things went a little bit differently but it worked out in the end (though I was almost ready to give in and submit a ticket). After I have modified /etc/profile and /etc/bashrc (as many advises say) nothing happened on the spot. But the next day, it was working correctly. So I took it to the next server (we have migrated all our servers to freshly installed cPanel due to the CentOS6 EoL issue) and again, it hasn't worked. This made me think that maybe the nightly upcp made a difference so I ran upcp and after that it worked. Also please note that in my case modifying /etc/profile was not necessary and it has not helped (apparently) but I don't think it hurts in any way. The /etc/bashrc modification followed by running /scripts/upcp was enough.0 -
I'm glad that's working well now! 0 -
Resurrecting this as I just noticed the same problem. I upload with sftp and files are being added as 664 and folders as 775. I didn't notice it at first because it was only happening for new files/folders. Existing files/folders that already had the correct permissions stay correct even after uploading a more recent version. In the thread it says to modify the etc/profile and etc/bashrc files. In both of these files it says the following at the top : # It's NOT a good idea to change this file unless you know what you # are doing. It's much better to create a custom.sh shell script in # /etc/profile.d/ to make custom changes to your environment, as this # will prevent the need for merging in future updates.
What is the correct procedure to do it that way so any future updates that should happen will not overwrite my changes? I've ran into that problem waaaay too many times in the past and don't want to see changes wiped out because I modified a file directly. Any help would be appreciated. Thanks!0 -
We don't edit that file automatically - that caution is just in there because doing the wrong thing can hurt the user's environment. Editing /etc/bashrc is still a valid workaround at this time. 0 -
We don't edit that file automatically - that caution is just in there because doing the wrong thing can hurt the user's environment. Editing /etc/bashrc is still a valid workaround at this time.
Thanks for the reply. So is editing etc/profile not needed then? Just /etc/bashrc?0 -
Most users don't seem to need to edit /etc/profile in order to make this work. 0 -
Most users don't seem to need to edit /etc/profile in order to make this work.
After restarting ssh that did the trick. Thanks for the clarification.0 -
Just to confirm this fix still works as I just discovered the same issue with sftp uploading wrong permissions also. Took me a while to remember why it was happening as it happened to me before about a year ago. Luckily I saved this thread in my bookmarks and voila it is working again. 0
Please sign in to leave a comment.
Comments
41 comments