IBM Support

IT20161: SFTP SERVER ADAPTER CONFIGURED WITH PAYLOAD REPOSITORY FILE SYSTEM CHANGES THE FILE PERMISSIONS TO 600 ON DOWNLOADED FILE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When connecting to the SFTP Server Adapter using Payload,
    Repository of File System from the remote SFTP client, the file
    permission presented is (-rw-------) 600 (Read & Write by owner
    only) on the files. The SFTP server adapter has changed the
    permissions, and this permission is too strict for the remote
    clients. But from the OS prompt issuing a directory listing on
    files, the permissions are presented correctly as 644.
    On systems where client software downloads the files with the
    "preserve permissions" option this can cause problems when the
    downloaded file needs to be accessible to another user, e.g a
    user in the same permissions group.
    A method is needed to relax file permissions so that the files
    downloaded via any sftp client can set the permission value to
    -rw-rw-r--(664), instead of the 600.
    

Local fix

  • STRRTC 431515
    LB/LB
    Circumvention: After the SFTP client downloads the file, you
    can issue a CHMOD command on the file to change the permissions
    to the desire settings.
    

Problem summary

  • USERS AFFECTED:
    All
    
    PROBLEM DESCRIPTION:
    The SFTP Server adapter with payload repository File System
    changes the file permissions to 600, and this permission is too
    strict for the remote clients.
    
    PLATFORMS AFFECTED:
    All
    

Problem conclusion

  • RESOLUTION SUMMARY:
    
    This is not a bug in our product.
    Since customer requested that it is essential for them to have
    code level fix so that the files downloaded via any sftp client,
    shall have the permission value of -rw-rw-r--(664), we are
    treating this as an enhancement request and have made necessary
    changes.
    With this change now, the customer will have the privilege to
    set the desired permissions on the file.
    
    We have made this fix property based so that we do not alter the
    existing functionality in the product.
    
    There are two properties in sftp.properties that needs to be
    used to consume this fix.
    
        1. FSFilePermissionOverride
     -> This property is used to relax the permissions set on the
    file retrieved from the filesystem payload repository using sftp
    client
                 -> If this property value is set to true, then set
    the property 'filePermission' accordingly to have the desired
    permissions on the files that are downloaded from the filesystem
    payload repository using any sftp client.
                -> Leaving this property blank/setting it to false
    ensures that the files will have the default permission set as
    600(-rw-------)
                -> NOTE : This property is not applicable for
    windows SI SFTP Server
    
        2. FSfilePermission
             -> This property is used to set the 'user-group-other'
    permissions on the files that will be downloaded from the
    filesystem payload repository using any sftp client.
     -> If this property is left blank or set to an invalid value,
    then the default value of 600 will be used for the permissions
    on the file.
     -> NOTE : This property is not applicable for windows SI SFTP
    Server
    
    
    Delivered In:
    5020602_4
    5020603_2
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT20161

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    526

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2017-04-11

  • Closed date

    2017-05-11

  • Last modified date

    2017-06-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

  • R526 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

Document Information

Modified date:
16 June 2017