openssh: Default umask for SFTP?
- From: "Mark Holden" <mholden@xxxxxxxxxx>
- Date: Tue, 10 Oct 2006 11:43:27 -0500
I have a question concerning default umasks when using SFTP under
openssh. In case it makes a difference, my servers are based on Redhat
Enterprise Linux Version 4 Advanced Server, and the version of the
openssh package is currently openssh-3.9p1-8.RHEL4.15.
The issue is that when I SFTP a file onto the server, the default umask
used seems to be 077, given that files are created with mode 600 and
directories with mode 700.
What I would like is to change the default umask to 007 so that, when
using SFTP, files are created with mode 660 and directories with mode
I've google'd on this and it seems to be a limitation (?) of openssh
where you cannot configure default umasks natively with the openssh
package. I realize that user profiles are not processed when you SFTP
in, but I would have expected some kind of SFTP-based option in the sshd
config file that would allow you to provision the default umask.
On a previous posting to this mailing list, I asked the question of how
to enable SFTP-only access (blocking SSH login and remote command
execution). I received valuable feedback, and was pointed to several
things, including the "scponly" shell. I haven't had the opportunity to
try that yet, but hope to do so soon. My hope is that this shell would
also provide some option where I could set the default umask, thus
killing two birds with one stone (ftp only and default umask).
I don't know what to make of what I've google'd on so far, so thought I
would pose the question to this mailing list.
As always, any help is greatly appreciated...