
Here's my situation: I'm setting up an Ubuntu 14.04 web server for a team to share. I'd like the team to have read/write access to everything inside /var/www/html (same as CHMOD 775 on every file and folder).

My issue is that SFTP clients on the Mac (Transmit, Cyberduck, and FileZilla) don't respect the default permissions I've set up.

After several hours, I've walked through many steps to accomplish my goal:

Set up team permissions:

  1. Created a myteam group
  2. Added all users to the myteam group
  3. Changed the group ownership of /var/www/html to myteam

At this point, ls -la of /var/www returns

drwxrwsr-x 2 marcelo myteam 4096 Jul 20 13:29 html

Set a default UMASK:

  1. Updated /etc/ssh/sshd_config with Subsystem sftp /usr/lib/openssh/sftp-server -u 002 based on this article.
  2. Updated /etc/pam.d/sshd and /etc/pam.d/login with a new line session optional pam_umask.so umask=0027 based on this question
  3. Updated /etc/pam.d/common-session/ with a new line session optional pam_umask.so and edited /etc/login.defs to change the UMASK line to UMASK 002 based on this question
  4. Rebooted all appropriate services and/or rebooted the entire machine

At this point, if I SSH into the server via a shell, the umask command reports 002, and all new files and folders have the correct permissions. However, if I SFTP into the server via Transmit, FileZilla, Cyberduck, etc. and create files or folders, it does not respect and defaults files to rw-r--r-- and folders to rwxrwsr-x (the folders are correct). I checked, and the FTP clients are not overriding any permissions - those are disabled.

1 Answer

This is an evergreen problem and it has been discussed many times. I wrote a short answer here:

https://superuser.com/questions/937003/setting-default-group-permissions-via-sftp/937735#937735

Basically, you answered it yourself in your last comment. SFTP preserves the original permissions and truncates the umask from them.

Jakuje
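The behaviour the answer describes, as an added example that is not part of the question or the answer: a umask can only clear bits from the mode a client requests, so a file uploaded with mode 0644 stays rw-r--r-- under umask 002. The requested modes, file names and the `missing_group_write` audit helper are assumptions made for illustration.

```python
import os
import stat
import tempfile

SERVER_UMASK = 0o002  # the value given to sftp-server with "-u 002" on the page


def create_like_sftp_server(directory, name, requested_mode, umask=SERVER_UMASK):
    """Create a file with the mode the client asked for, under the server's
    umask, and return the permission bits the kernel actually applied."""
    old = os.umask(umask)
    try:
        path = os.path.join(directory, name)
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, requested_mode)
        os.close(fd)
    finally:
        os.umask(old)  # restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def missing_group_write(root):
    """Audit helper (hypothetical): regular files under root without g+w."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and not st.st_mode & stat.S_IWGRP:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def demo():
    """Constructed scenario: one upload requesting 0644, one requesting 0666."""
    with tempfile.TemporaryDirectory() as d:
        modes = {}
        for name, requested in (("upload-0644.html", 0o644),
                                ("upload-0666.html", 0o666)):
            bits = create_like_sftp_server(d, name, requested)
            modes[name] = stat.filemode(bits | stat.S_IFREG)
        return modes, missing_group_write(d)


if __name__ == "__main__":
    modes, flagged = demo()
    for name, mode in modes.items():
        print(f"{mode}  {name}")
    print("lacking group write:", flagged)
```

Pointing `missing_group_write` at the shared web root lists the uploads that team members cannot edit.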