We have an Ubuntu 10.04 server. How can I set it so that new files created (or copied) over SFTP or SSH have g+rw and g+rwx permissions (where appropriate)?
I'm also using setgid (chmod g+s) so that they inherit the proper group owner.
Asked
Active
Viewed 3.2k times
2 Answers
13
In /etc/ssh/sshd_config, you can pass a flag and value in (-u 0002) like the following to set the umask value:
Subsystem sftp /usr/lib/openssh/sftp-server -u 0002
Append the -u 0002 to the existing Subsystem sftp line of the configuration file.
Afterwards, you will need to restart ssh for the changes to take effect:
service ssh restart
Domino
- 265
10
In /etc/ssh/sshd_config, change the following:
Subsystem sftp /usr/lib/openssh/sftp-server
to:
Subsystem sftp /bin/sh -c 'umask 0002; exec /usr/libexec/openssh/sftp-server'
Soure: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions
wag2639
- 2,165
-
1It's better to put an
execbefore the final/usr/.../sftp-server, so that you won't have uselessshprocesses lying around. – u1686_grawity Jun 13 '10 at 20:32 -
Also, an umask is just a number;
0002can be written shorter as02. – u1686_grawity Jun 13 '10 at 20:33 -
-
2Yes, umasks are octal. That doesn't mean you need three leading zeroes - one is enough. (In fact, the
umaskcommand doesn't need any leading zeroes, it always reads the argument as an octal number.) ... But on the second thought, maybe0002is clearer to understand. – u1686_grawity Jun 19 '10 at 20:52 -
2
-
This answer doesn't work with new openssh anymore. Received unexpected end-of-file from SFTP server. See the other answer. – Cano64 Apr 20 '17 at 13:46
Subsystem sftp internal-sftp. – underscore_d Oct 09 '15 at 12:27