Published on: October 21, 2014 by Vipin R.N
Umask is used to remove additional permissions of files which are copied to the server. If the file has 777 permission on the source and uploaded via sftp using -p or -P option, the permission will be preserved. It can be used in SFTP to change permissions of files.
For SFTP change permissions after uploading the file, we can add a umask for the sftp subsystem.
This can be used to prevent setting executable or world writable permissions when files are uploaded using SFTP. By default, FTP changes the permission to 644 on upload and SFTP doesn’t.
You can use the following steps to use umask in removing the additional permissions of files once they are uploaded through SFTP
1. Edit the file /etc/ssh/sshd_config.
2. Add the following under “# override default of no subsystems” :
Subsystem sftp /bin/sh -c ‘umask <umask>; /usr/libexec/openssh/sftp-server’
Subsystem sftp /usr/libexec/openssh/sftp-server -u <umask>
where <umark> is the umask to be set.
3. Then restart the SSH daemon.
Note: The umask settings only tries to remove permissions, not to add them.
The file gw80 was uploaded before setting the umask and its permission on the source was 664.
File gw80_1 was uploaded after setting up the umask. The permission of the file was 664 in source and was changed to 644 after upload.
Category : Howtos, Linux, Security, Troubleshooting