
I've been searching here but I could not find a similar question.

I have set up an SSH and SFTP server on Debian 7; the problem is that the umask is applied without execute permissions. Even if I change it to a different value, execute permissions are never applied.

Here is my configuration:

Match Group sftp-users  
    ChrootDirectory /sftp/%u
    AuthorizedKeysFile  /sftp/%u/.ssh/authorized_keys   
    X11Forwarding no 
    AllowTcpForwarding no 
    # AuthenticationMethods    publickey 
    ForceCommand internal-sftp -u 0002

Example:

  • -u 0002 uploaded file.txt should get 775 permissions but gets 664 instead
  • -u 0222 uploaded file.txt should get 555 but got 444
  • -u 0666 uploaded file.txt should get 111 but got 000

Could you please let me know which files should be checked or what other config you need to see? Thank you!

oglop

1 Answer


First you should understand what the umask is (the manual page explains it quite well). It is not a complete negation of the permissions you will get, but a mask of permissions that should get stripped from the original permissions of the uploaded file. This means that you need to take into account the original permissions of the file you are trying to upload, which are generally 0666, unless it is an executable file (but you can never know what permissions the files users are going to upload will have).

This is why there is a bug in upstream OpenSSH requesting the functionality you describe, but it is certainly not called umask anymore. If you want to use this functionality, it is already in Fedora/RHEL.

Jakuje
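The masking described in the answer above, as an added example that is not part of the original post: it creates a real file under each of the question's three `-u` values, once requesting 0666 and once 0777, and reads back the resulting mode. The names `created_mode` and `matrix` are made up for illustration, and the script exercises plain open(2) semantics on a local scratch directory rather than sftp-server itself.

```python
import os
import stat
import tempfile

# The three -u values from the question (constructed test matrix).
UMASKS = (0o002, 0o222, 0o666)
# 0666: what a non-executable upload typically requests; 0777: an executable one.
REQUESTED = (0o666, 0o777)


def created_mode(requested: int, umask: int) -> int:
    """Create a file asking for `requested` bits under `umask`; return the mode it got."""
    # Make the scratch directory first, so the umask under test does not
    # strip the write bit we need on the directory itself.
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "file.txt")
        previous = os.umask(umask)
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
        finally:
            os.umask(previous)  # always restore the process umask
        os.close(fd)
        return stat.S_IMODE(os.stat(path).st_mode)


def matrix():
    """Return (umask, requested, resulting mode) for every combination."""
    return [(u, r, created_mode(r, u)) for u in UMASKS for r in REQUESTED]


if __name__ == "__main__":
    for u, r, got in matrix():
        # The kernel computes requested & ~umask; bits are removed, never added.
        assert got == r & ~u & 0o777
        print(f"-u {u:04o}  requested {r:04o}  ->  {got:04o}")
```

The 0666 rows give 664, 444 and 000, the values the question reports; 775, 555 and 111 only appear when the file is created with 0777 requested.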