How do you enforce specific permission settings when transferring files via SFTP?

Hi,

When transferring files via SFTP, they always receive 644 permissions, but I need them to be 664 instead. Alternatively, I want to prevent the user’s umask from being applied to the permissions of uploaded files.

$ sftp sftpserver
sftp> !ls -l file
-rw-r--r--. 1 jenn jenn 0 Dec 15 09:49 myfile
sftp> put -p file
Uploading file to /root/file
file                                                                              100%    0     0.0KB/s   00:00    
sftp> ls -l
-rw-r--r--  1 jenn jenn 0 Dec 15 09:50 myfile

Any help appreciated.

Hello,

Server-side permissions can be enforced by editing the /etc/ssh/sshd_config configuration file, as demonstrated below:

# grep Subsystem /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -m 664 -u 002

Alternatively, if you prefer not to enforce specific permissions but simply want to bypass the umask for SCP/SFTP sessions alone, so that file permissions remain unchanged during transfer, you can configure it like this:

# grep Subsystem /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server -u 000

Without any special flags, sftp creates the remote file with 0644 permissions (rw-r--r--), then applies the remote user’s umask, which can only strip permissions, meaning the maximum possible result is 0644.

With the -p flag to preserve permissions, sftp sets the remote file to match the source file’s permissions before applying the remote umask, so the maximum result reflects the source permissions after restriction.

For example, uploading a file with rw-r--r-- permissions results in rw-r--r-- if umask is 0002.
Uploading a file with rw-rw-rw- permissions results in rw-rw-r-- under the same umask 0002.

:+1:
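The permission arithmetic from the answer above, as an added example that is not part of the original posts: it parses a `Subsystem sftp` line, predicts the mode an upload ends up with, and flags settings that let uploads stay world-writable. The function names are hypothetical, and the model assumes that `-m` replaces the client-requested mode and is used as-is, that flags and values are separate words, and that the user's own umask is 022 when `-u` is absent.

```python
# Constructed sample inputs: the two Subsystem lines quoted in the answer.
ENFORCED = "Subsystem sftp /usr/libexec/openssh/sftp-server -m 664 -u 002\n"
PASSTHROUGH = "Subsystem sftp /usr/libexec/openssh/sftp-server -u 000\n"


def parse_sftp_subsystem(config_text):
    """Return the -u (umask) and -m (forced mode) values of the first
    'Subsystem sftp' line as ints; None for an absent flag or line."""
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()      # drop comments
        if len(words) >= 3 and words[0].lower() == "subsystem" and words[1] == "sftp":
            args = words[3:]                      # everything after the server path
            opts = {"umask": None, "force_mode": None}
            for flag, value in zip(args, args[1:]):
                if flag == "-u":
                    opts["umask"] = int(value, 8)
                elif flag == "-m":
                    opts["force_mode"] = int(value, 8)
            return opts
    return None


def predicted_mode(requested, opts, user_umask=0o022):
    """Mode of a newly uploaded file: the requested mode with the umask
    bits stripped, or the forced mode when -m is set."""
    if opts["force_mode"] is not None:
        return opts["force_mode"] & 0o777         # assumption: -m is used as-is
    umask = opts["umask"] if opts["umask"] is not None else user_umask
    return requested & ~umask & 0o777


def allows_world_writable(opts):
    """True if a client requesting rw-rw-rw- ends up with o+w on the server."""
    return bool(predicted_mode(0o666, opts) & 0o002)


if __name__ == "__main__":
    for name, text in (("enforced", ENFORCED), ("passthrough", PASSTHROUGH)):
        opts = parse_sftp_subsystem(text)
        for requested in (0o644, 0o666):
            print("%-11s requested %03o -> %03o"
                  % (name, requested, predicted_mode(requested, opts)))
        print("%-11s world-writable uploads possible: %s"
              % (name, allows_world_writable(opts)))
```

With `-u 000` the server no longer strips anything, so a client that uploads an rw-rw-rw- file leaves it world-writable; `-u 002` keeps group write while removing that bit.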