Troubleshooting
Problem
How to change the sftp umask for a single or group of users.
Resolving The Problem
To change the sftp umask for a single user or a group of users. Edit the /etc/ssh/sshd_config file and add the following.
NOTE: Openssh version needs to be at 5.4p1 or higher.
NOTE: The umask needs to be converted from Octal to Decimal.
Example:
A umask of 111 in Octal will yield 73 in decimal, which we
will use in this example.
#vi /etc/ssh/sshd_config
Add the following two lines at the end of the file to configure the sftp umask for a group of users.
Match Group <group name>
ForceCommand internal-sftp -u 73
Or, add the following two lines at the end of the file to configure the sftp umask for a single user.
Match User <user name>
ForceCommand internal-sftp -u 73
Restart the sshd daemon.
#stopsrc -s sshd
#startsrc -s sshd
Test it from the client.
------------------------
Create a file on sftp client and change permissions to 777.
#touch tst2
#chmod 777 tst2
# ls -l tst2
-rwxrwxrwx 1 root system 0 Nov 17 12:58 tst2
sftp user@test.austin.ibm.com
Connecting to test.austin.ibm.com...
user@test.austin.ibm.com's password:
sftp> put tst2
Uploading tst2 to /home/user/tst2
tst2 100% 0 0.0KB/s 00:00
On the sftp server test.austin.ibm.com the permissions of the new tst2 file should be 666.
-------------------------------------------------------------
ls -l tst2
-rw-rw-rw- 1 user staff 0 Nov 17 13:49 tst2
NOTE: You cannot use the umask on sftp to change the permission on a file to be less restrictive than the original file.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
isg3T1012565