Ssh – How to put desired umask with SFTP

sftpssh

I have a SFTP server (openssh/sftp-server) and I would like to set umask 002 for users using this service. I tried setting PAM (pam.d/common-session), and .profile for each user, but no luck.

With SSH login everything is fine, but when I try with SFTP (with gFTP) I have the 022 umask set.

I already tried to use a wrapper for sftp-server that is changing the umask before calling the sftp-server, no luck.

Any help? Thanks a lot!

Best Answer

Since OpenSSH 5.4p1 I think, you can use the "-u" option, for example:

Subsystem sftp /usr/lib/openssh/sftp-server -u 022

From the man page:

 -u umask
         Sets an explicit umask(2) to be applied to newly-created files
         and directories, instead of the user's default mask.

Related Solutions

Ubuntu – Set up sftp to use password but ssh not to use password

As I understand you have (at least for this particular problem) two distinct groups of users, one being able to login via SSH and get an interactive shell (let's call the group ssh) and one being able to login via SFTP and only get an SFTP shell (let's call the group sftp).

Now create the groups ssh and sftp on your system with groupadd, put the respective users in the groups (gpasswd -a $USERNAME $GROUPNAME) and append the following lines at the end (this is important!) of your sshd_config located at /etc/ssh/sshd_config:

Match Group sftp
  PasswordAuthentication yes
  # Further directives for users in the "sftp" group

Match Group ssh
  PasswordAuthentication no
  # Further directives for users in the "ssh" group

Read about the Match directive in sshd_config(5) and about the allowed patterns in ssh_config(5).

You'll also have to restart the ssh process for this to take effect:

sudo /etc/init.d/ssh restart

Ssh – How to setup ssh’s umask for all type of connections

I can suggest trying 2 things:

pam_umask
LD_PRELOAD wrapper (self-written?)

Best Answer

Related Solutions

Ubuntu – Set up sftp to use password but ssh not to use password

Ssh – How to setup ssh’s umask for all type of connections

Related Topic