Comments on: Setting the umask for SFTP transactions

By: jeffro

jeffro — Tue, 20 Dec 2011 00:24:22 +0000

HI Bryan, this unfortunately doesn’t work. The sftp subsystem doesn’t spin up a bash shell to complete the command. Thus, your.bashrc file is never read. This was one of the first things I tried when I initially encountered this issue.

By: Bryan

Bryan — Mon, 19 Dec 2011 17:13:08 +0000

try adding umask command to .bashrc
(.bash_profile is for interactive)

~]$ cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

# User specific aliases and functions

# Friendly file creation mask
umask u=rwx,g=rwx,o=r

By: Malcolm

Malcolm — Mon, 28 Nov 2011 20:40:13 +0000

I hope this can save someone else hours of frustration…

If you’re using a GUI SFTP application, check its preferences for setting permissions on upload.

I had tried all the solutions above, and it turns out the application was just overriding them.

By: Glitch Hop

Glitch Hop — Tue, 27 Sep 2011 20:32:42 +0000

Interesting! I finally realized why the -u flag wasn’t allowing the SFTP session to launch. That flag is only available in OpenSSH_5.4p1 and above, and i was running OpenSSH_5.3p1

http://serverfault.com/questions/70876/how-to-put-desired-umask-with-sftp

By: Simon

Simon — Wed, 14 Sep 2011 07:54:38 +0000

Sadly, we are in the process of migrating from SLES to RHEL. Most systems are v6, but in the case of the above one it is v5.5.
RHEL v6.1 comes with OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010, so reasonably recent.

I would have preferred Debian or Solaris, but non-IT folk made the decision…

By: jeffro

jeffro — Tue, 13 Sep 2011 15:06:50 +0000

I have seen in the past that RHEL uses very old versions of certain services. Very stable, but very old. I rarely ever use Red Hat based distro’s on my servers, so I don’t encounter this much.

Thanks for the posts @simon

By: Simon

Simon — Tue, 13 Sep 2011 14:50:44 +0000

Note that RHEL 5.5 uses an old OpenSSH version:
# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
The RPM package is : openssh-server-4.3p2-41.el5_5.1

This is quite old. The latest version is 5.9.
Version 4.3 was released on February 1, 2006

By: Simon

Simon — Tue, 13 Sep 2011 14:40:24 +0000

Tried this on RHEL 5.5 kernel 2.6.18-194.17.4.el5PAE

TEST 1:
Subsystem sftp /bin/sh -c ‘umask 0002; /usr/libexec/openssh/sftp-server’

Restarted ssh.
Result: Ignored umask, and instead put file with rw-r–r–

TEST2:
Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002

Restarted ssh.
Result: Unable to log in via SFTP. Authenication works, but Connection closed

TEST3
Subsystem sftp /usr/libexec/openssh/sftp-server
Restarted ssh.
Removed .bashrc and .bash_profile from user home directory.
Added only this line into .bash_profile: umask 0002
Result: File put as -rw-r–r–

TEST4
Subsystem sftp /usr/libexec/openssh/sftp-server
Restarted ssh.
Removed .bashrc and .bash_profile from user home directory.
Set umask locally as: umask 0002 and then ran sftp command.
Result: File put as -rw-r–r–

TEST5
Same as TEST4, but set umask within SFTP client e.g:
sftp> lumask 0002
Local umask: 002
Result: File put as -rw-r–r–

Conclusion: Umask setting over SFTP on RHEL 5.5 is unimplemented. What a load of cr*p.

By: Simon

Simon — Mon, 12 Sep 2011 14:32:42 +0000

I tried all of the above methods on RHEL 5 ,and none worked. I restarted ssh each time.

By: How do I set default permissions for SFTP for an Ubuntu Server? - Admins Goodies

How do I set default permissions for SFTP for an Ubuntu Server? - Admins Goodies — Wed, 17 Aug 2011 08:03:05 +0000

[...] Soure: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions [...]