As far as I know, there is nothing. Permissions come from the source machine, and unless the source system is an IBM i, I don't think it would be possible. https://www.ibm.com/support/pages/openssh-and-sftp-authority-considerations-integrated-file-system-ifs is a good place to start, and there are some things you can search on for more information listed in there. We use a CHGAUT I believe, but the one place we do that, we get a batch of files overnight, and just schedule the security fix between when the transfer should end and the first time someone will need access.

On Tue, 2021-11-23 at 21:44 +0100, stefan@xxxxxxxxxx wrote:
Hi Patrik,

I have no idea at all what's going on at the client end of this transfer as
we have no control over it - my customer complains that the applications
trying to catch the files at the IBM I server have authority issues.
Searching for umask in the ibm i-manuals at hand does not reveal any hits.
In this environment around 150.000 streamfiles are created daily so I need
to be aware of performance.
I vaguely remember reading something about setting a config option to allow
for group authority as well but of course I'm not able to find it.....

Thank you for your time and effort,

Best regards

Stefan

--
No trees were killed in the sending of this message, but a large number of
electrons were terribly upset.

Stefan Tageson
+46 732 369934
stefan@xxxxxxxxxx

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Patrik Schindler
Sent: Tuesday, November 23, 2021 9:21 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: IBM i receiving streamfiles using sftp

Hello Stefan,

On 23.11.2021 at 21:05, <stefan@xxxxxxxxxx> wrote:

Any chance to configure sshd to allow anything more than object owner
authority to be set on a file received using sftp?

Existing folders authorisation list settings etc seems not to be
inherited to the new file.

Are you sure that the file isn't using the authorization flags from the
remote file? At least that's how I know that stuff to work on Linux.

The sender might also use chmod to set less strict rights after transfer.

Depending on the sftp-server being in use, a so called umask may be
specified in its configuration to override a system derived default for
creating local files:

https://en.wikipedia.org/wiki/Umask

This may or may not work, depending on how "forcefully" the sender tries to
make both copies of the file have similar access rights.

On Linux, I usually deal with such situations by handling received files
with the user profile which was used to log on via (s)ftp. Maybe this is
something to consider for you, also?

:wq! PoC

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.



Kevin Bucknum

Senior Programmer Analyst

MEDDATA / MEDTRON

120 Innwood Drive
Covington LA 70433
Local: 985-893-2550
Toll Free: 877-893-2550
https://www.medtronsoftware.com
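
The umask behaviour Patrik describes in the quoted message, as an added example that is not part of the original thread: on a POSIX system a server-side umask only filters the mode requested when the file is created, so a sender that requests owner-only permissions or sends a chmod afterwards still leaves an owner-only file. The file names, the modes and the umask 027 are constructed, and IBM i authorities (authorization lists, CHGAUT) are not modelled.

```python
import os
import stat
import tempfile


def receive_file(directory, name, requested_mode, server_umask, client_chmod=None):
    """Create a file the way an SFTP server process would; return its final mode."""
    old = os.umask(server_umask)  # server-side umask (constructed value)
    try:
        path = os.path.join(directory, name)
        # The mode requested at open time is filtered by the umask ...
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
        os.close(fd)
        # ... but an explicit chmod sent afterwards is applied exactly as given.
        if client_chmod is not None:
            os.chmod(path, client_chmod)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def files_without_group_read(directory):
    """List received files the group cannot read: candidates for a scheduled fix."""
    return sorted(
        entry.name
        for entry in os.scandir(directory)
        if entry.is_file() and not entry.stat().st_mode & stat.S_IRGRP
    )


def demo():
    """Receive three constructed files and report their modes and the unreadable ones."""
    with tempfile.TemporaryDirectory() as d:
        modes = {
            # Sender asks for 0666: the umask trims it, the group keeps read access.
            "plain.dat": receive_file(d, "plain.dat", 0o666, 0o027),
            # Sender asks for 0600: a umask can only remove bits, never add them.
            "strict.dat": receive_file(d, "strict.dat", 0o600, 0o027),
            # Sender chmods after upload: the umask is not consulted at all.
            "forced.dat": receive_file(d, "forced.dat", 0o666, 0o027, client_chmod=0o600),
        }
        return modes, files_without_group_read(d)


if __name__ == "__main__":
    print(demo())
```
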



This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
