Direct links to fixes
APAR status
Closed as program error.
Error description
When connecting to the SFTP Server Adapter using Payload, Repository of File System from the remote SFTP client, the file permission presented is (-rw-------) 600 (Read & Write by owner only) on the files. The SFTP server adapter has changed the permissions, and this permission is too strict for the remote clients. But from the OS prompt issuing a directory listing on files, the permissions are presented correctly as 644. On systems where client software downloads the files with the "preserve permissions" option this can cause problems when the downloaded file needs to be accessible to another user, e.g a user in the same permissions group. A method is needed to relax file permissions so that the files downloaded via any sftp client can set the permission value to -rw-rw-r--(664), instead of the 600.
Local fix
STRRTC 431515 LB/LB Circumvention: After the SFTP client downloads the file, you can issue a CHMOD command on the file to change the permissions to the desire settings.
Problem summary
USERS AFFECTED: All PROBLEM DESCRIPTION: The SFTP Server adapter with payload repository File System changes the file permissions to 600, and this permission is too strict for the remote clients. PLATFORMS AFFECTED: All
Problem conclusion
RESOLUTION SUMMARY: This is not a bug in our product. Since customer requested that it is essential for them to have code level fix so that the files downloaded via any sftp client, shall have the permission value of -rw-rw-r--(664), we are treating this as an enhancement request and have made necessary changes. With this change now, the customer will have the privilege to set the desired permissions on the file. We have made this fix property based so that we do not alter the existing functionality in the product. There are two properties in sftp.properties that needs to be used to consume this fix. 1. FSFilePermissionOverride -> This property is used to relax the permissions set on the file retrieved from the filesystem payload repository using sftp client -> If this property value is set to true, then set the property 'filePermission' accordingly to have the desired permissions on the files that are downloaded from the filesystem payload repository using any sftp client. -> Leaving this property blank/setting it to false ensures that the files will have the default permission set as 600(-rw-------) -> NOTE : This property is not applicable for windows SI SFTP Server 2. FSfilePermission -> This property is used to set the 'user-group-other' permissions on the files that will be downloaded from the filesystem payload repository using any sftp client. -> If this property is left blank or set to an invalid value, then the default value of 600 will be used for the permissions on the file. -> NOTE : This property is not applicable for windows SI SFTP Server Delivered In: 5020602_4 5020603_2
Temporary fix
Comments
APAR Information
APAR number
IT20161
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
526
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-11
Closed date
2017-05-11
Last modified date
2017-06-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R526 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.2.6","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
16 June 2017