26

I have a SFTP server (openssh/sftp-server) and I would like to set umask 002 for users using this service. I tried setting PAM (pam.d/common-session), and .profile for each user, but no luck.

With SSH login everything is fine, but when I try with SFTP (with gFTP) I have the 022 umask set.

I already tried to use a wrapper for sftp-server that is changing the umask before calling the sftp-server, no luck.

Any help? Thanks a lot!

mat_jack1
  • 409

6 Answers

31

Since OpenSSH 5.4p1 I think, you can use the "-u" option, for example:

Subsystem sftp /usr/lib/openssh/sftp-server -u 022

From the man page:

 -u umask
         Sets an explicit umask(2) to be applied to newly-created files
         and directories, instead of the user's default mask.
Weboide
  • 3,445
7

I hope this can save someone else hours of frustration...

If you're using a GUI SFTP application, check its preferences for setting permissions on upload.

I had tried all the solutions above, and it turns out the application was just overriding them.

Malcolm
  • 71
6

In the ssh config file you can also use this to set the mode of the file specifically (overriding any chmod that the client may try to set). Here I am using internal-sftp but I guess it would be the same for sftp-server:

ForceCommand internal-sftp -u 0022
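The two configuration answers above (sftp-server -u on the Subsystem line, and ForceCommand internal-sftp -u) both rely on the umask semantics a reader may want to see concretely. The following added example, which is not code from any of the answers, shows what a given umask does to newly created files and directories, and extracts the -u value from an sshd_config so the setting can be verified after editing. The sshd_config fragment embedded in it is constructed for the demonstration and is not taken from any real server.

```shell
#!/bin/sh
# Added example (not from any answer on this page): shows the effect of a umask
# on newly created files/directories, and reads the -u umask out of an
# sshd_config so an admin can confirm what sftp-server/internal-sftp will apply.

# mode_with_umask UMASK
# Creates one file and one directory under UMASK in a scratch directory and
# prints their ls-style mode strings as "file_mode dir_mode". Files start from
# 0666 and directories from 0777; the bits set in the umask are cleared.
mode_with_umask() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmp/f" && mkdir "$tmp/d" ) || { rm -rf "$tmp"; return 1; }
    fmode=$(ls -ld "$tmp/f" | cut -c1-10)
    dmode=$(ls -ld "$tmp/d" | cut -c1-10)
    rm -rf "$tmp"
    printf '%s %s\n' "$fmode" "$dmode"
}

# sftp_umask_from_config
# Reads an sshd_config on stdin and prints the value following -u on the first
# "Subsystem sftp ..." or "ForceCommand internal-sftp ..." line. Prints nothing
# when no -u is present, which means sshd uses the user's default mask.
sftp_umask_from_config() {
    awk '
        (tolower($1) == "subsystem" && $2 == "sftp") ||
        (tolower($1) == "forcecommand" && $2 == "internal-sftp") {
            for (i = 3; i < NF; i++) {
                if ($i == "-u") { print $(i + 1); exit }
            }
        }'
}

# Constructed sshd_config fragment for the demonstration (not a real server's file).
SSHD_CONFIG_SAMPLE='Port 22
Subsystem sftp /usr/lib/openssh/sftp-server -u 002
Match Group sftponly
    ForceCommand internal-sftp -u 002'

# Stand-alone demonstration: the default 022 gives group-read-only files,
# 002 gives group-writable files, and the sample config requests 002.
printf 'umask 022 -> %s\n' "$(mode_with_umask 022)"
printf 'umask 002 -> %s\n' "$(mode_with_umask 002)"
printf 'sftp -u in sample config: %s\n' \
    "$(printf '%s\n' "$SSHD_CONFIG_SAMPLE" | sftp_umask_from_config)"
```

The parser reads the configuration text only; to check what the running daemon actually resolved, pipe the output of `sshd -T` (which prints the effective configuration) into `sftp_umask_from_config` instead of the file.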
2

After many hours trying to apply various hacks and fixes I've found a proper solution!

There's a patch for SSH that permits you to choose the umask that you want for SFTP. You can download it here: http://sftpfilecontrol.sourceforge.net/

For me (OpenSSH_5.2p1+sftpfilecontrol-v1.3, OpenSSL 0.9.8g 19 Oct 2007) it's working perfectly!

mat_jack1
  • 409
1

To quote this message:

I got this working okay by adding a "umask 007" line in /etc/init.d/ssh.

Bash uses the .profile for interactive login shells. I don't think sftp counts as one. You might be able to set the umask in /etc/bash.bashrc or ~/.bashrc if the tip above doesn't work or you want more fine-grained control.

0

Refer to this question to find a simple solution that doesn't require specific openssh versions nor custom patches.

Unode
  • 503