openssh: Default umask for SFTP?



I have a question concerning default umasks when using SFTP under
openssh. In case it makes a difference, my servers are based on Red Hat
Enterprise Linux Version 4 Advanced Server, and the version of the
openssh package is currently openssh-3.9p1-8.RHEL4.15.

The issue is that when I SFTP a file onto the server, the default umask
used seems to be 077, given that files are created with mode 600 and
directories with mode 700.

What I would like is to change the default umask to 007 so that, when
using SFTP, files are created with mode 660 and directories with mode
770.

I've googled this and it seems to be a limitation (?) of openssh
where you cannot configure default umasks natively with the openssh
package. I realize that user profiles are not processed when you SFTP
in, but I would have expected some kind of SFTP-based option in the sshd
config file that would allow you to provision the default umask.

On a previous posting to this mailing list, I asked the question of how
to enable SFTP-only access (blocking SSH login and remote command
execution). I received valuable feedback, and was pointed to several
things, including the "scponly" shell. I haven't had the opportunity to
try that yet, but hope to do so soon. My hope is that this shell would
also provide some option where I could set the default umask, thus
killing two birds with one stone (ftp only and default umask).

I don't know what to make of what I've googled so far, so thought I
would pose the question to this mailing list.

As always, any help is greatly appreciated...

Thanks,
Mark


