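Problem: On AIX, after the root user uploads a file to the AIX host over FTP, the file's default permissions are rw-r-----, so the Oracle user cannot read it. Is there a way to specify the permissions of uploaded files?
Environment: AIX 6.1
Solution:
1. Set it on the client side.
The key is whether the client supports the site command; if it does, run site umask 022 to set it.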
[sycms1@root]/etc>ftp 138.*.*.*
Connected to 138.*.*.*.
220 gywlapp FTP server (Version 4.2 Wed Dec 23 11:06:15 CST 2009) ready.
Name (138.*.*.*:root): root
331 Password required for root.
Password:
230-Last unsuccessful login: Tue Feb 22 10:03:46 CST 2011 on /dev/pts/1 from 192.168.100.111
230-Last login: Tue Mar 1 17:44:36 CST 2011 on ftp from ::ffff:138.*.*.*
230 User root logged in.
ftp> ?
Commands may be abbreviated. Commands are:
! image reget
$ lcd reinitialize
account local remotehelp
append ls rename
ascii macdef reset
bell mdelete restart
binary mdir rhelp
block mget rmdir
bye mkdir rstatus
carriage-control mls runique
case mode safe
cd modtime send
cdup mount sendport
clear mput site
close nmap size
copylocal nlist status
cr non-print stream
delete ntrans struct
debug open sunique
dir passive system
disconnect private telnet
ebcdic prompt tenex
epsv protect trace
exp_cmd proxy type
file put user
form pwd verbose
get quit ?
glob quote clearcom
hash record
help recv
-- As you can see, the default AIX ftp client supports site
ftp> lcd /etc
Local directory now /etc
ftp> cd /tmp
250 CWD command successful.
-- Test creating a directory
ftp> mkdir www
257 MKD command successful.
-- Test uploading a file
ftp> mput hosts
mput hosts? y
200 PORT command successful.
150 Opening data connection for hosts.
226 Transfer complete.
2221 bytes sent in 0.003818 seconds (568.1 Kbytes/s)
local: hosts remote: hosts
-- Change the default mask; after this command the umask is 022 (the default is 027). Next, create another directory and file for comparison.
ftp> site umask 022
200 UMASK set to 022 (was 027)
-- Test creating the directory www2
ftp> mkdir www2
257 MKD command successful.
-- Test uploading the file rc.net
ftp> mput rc.net
mput rc.net? y
200 PORT command successful.
150 Opening data connection for rc.net.
226 Transfer complete.
9085 bytes sent in 0.005395 seconds (1644 Kbytes/s)
local: rc.net remote: rc.net
ftp>
Now switch to the server and check the permissions.
Before the umask command, files are created as -rw-r----- and directories as drwxr-x---;
after the umask command, files are created as -rw-r--r-- and directories as drwxr-xr-x.
# cd /tmp
# ls -ltr
total 260920
drwx------ 2 root system 256 Jul 02 2010 lost+found
……
drwxr-x--- 2 root system 256 Mar 01 18:14 www
drwxr-xr-x 2 root system 256 Mar 01 18:15 www2
-rw-r----- 1 root system 2154 Mar 01 18:15 hosts
-rw-r--r-- 1 root system 8873 Mar 01 18:16 rc.net
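PS: Why does umask 022 automatically correspond to rw-r--r--? It is a long story, so briefly:
Taking umask 022 as an example:
Directories: 777-022=755
Files: 666-022=644
Running "ls -l" shows the following permissions (r=4, w=2, x=1):
Directory: rwxr-xr-x
Text file: rw-r--r--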
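The calculation above, as an added example that is not part of the original article: the system clears the umask bits from the requested mode (mode AND NOT umask), which is why the earlier default of 027 gave rw-r----- although 666-027 is not a valid octal subtraction. The function names are hypothetical; the script reproduces the four modes from the ls output and reports when uploads become readable by every local user.

```shell
#!/bin/sh
# Added example: how the FTP server's umask becomes the modes shown by `ls -l`.
# Function names are hypothetical; base modes 666 (files) and 777 (directories)
# are the ones used in the article.

# effective_mode BASE UMASK -> permission bits left after masking, 3 octal digits
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# symbolic OCTAL -> nine-character rwx string as printed by ls -l
symbolic() {
    bits=$(( 0$1 ))
    out=""
    for pos in 6 3 0; do
        t=$(( (bits >> pos) & 7 ))
        r=-; w=-; x=-
        if [ $(( t & 4 )) -ne 0 ]; then r=r; fi
        if [ $(( t & 2 )) -ne 0 ]; then w=w; fi
        if [ $(( t & 1 )) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# other_readable OCTAL -> succeeds when the "other" read bit (004) is set
other_readable() {
    [ $(( 0$1 & 04 )) -ne 0 ]
}

# Compare the server default (027) with the value set by `site umask 022`.
for mask in 027 022; do
    f=$(effective_mode 666 "$mask")
    d=$(effective_mode 777 "$mask")
    note="not readable by other users"
    if other_readable "$f"; then note="readable by every local user"; fi
    printf 'umask %s: file -%s (%s), dir d%s (%s); uploads %s\n' \
        "$mask" "$(symbolic "$f")" "$f" "$(symbolic "$d")" "$d" "$note"
done
```
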
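2. Set it on the server side.
This method applies to AIX: edit /etc/inetd.conf and change the ftp line to:
ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd -u xxx
where -u sets the new umask.
Then run refresh -s inetd.
PS: This method applies to all users who use FTP; users who are already connected must reconnect for it to take effect.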