How do I set default permissions for SFTP for an Ubuntu Server?
Solution 1
In /etc/ssh/sshd_config, change the following:
Subsystem sftp /usr/lib/openssh/sftp-server
to:
Subsystem sftp /bin/sh -c 'umask 0002; exec /usr/lib/openssh/sftp-server'
Source: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions
Solution 2
In /etc/ssh/sshd_config, you can pass a flag and value in (-u 0002) like the following to set the umask value:
Subsystem sftp /usr/lib/openssh/sftp-server -u 0002
Append the -u 0002 to the existing Subsystem sftp line of the configuration file.
Afterwards, you will need to restart ssh for the changes to take effect:
service ssh restart
Author: wag2639
Updated on September 17, 2022
Comments
-
wag2639 almost 2 years
We have an Ubuntu 10.04 server. How can I set it so that new files created (or copied) over SFTP or SSH have g+rw and g+rwx permissions (where appropriate)?
I'm also using setgid (chmod g+s) so that they inherit the proper group owner.
-
user1686 about 14 years
It's better to put an exec before the final /usr/.../sftp-server, so that you won't have useless sh processes lying around.
-
user1686 about 14 years
Also, a umask is just a number; 0002 can be written shorter as 02.
-
user1686 about 14 years
Yes, umasks are octal. That doesn't mean you need three leading zeroes - one is enough. (In fact, the umask command doesn't need any leading zeroes, it always reads the argument as an octal number.) ... But on second thought, maybe 0002 is clearer to understand.
-
Andrew B over 11 years
This only applies to newer versions of OpenSSH, but should be the preferred solution where possible.
-
Joost almost 9 years
This only works if you need more restrictive permissions than what is set by the client, not more loose.
-
flight almost 9 years
As Joost said, this doesn't help to force group-write permissions. It would help to forbid group-write.
-
underscore_d over 8 years
According to recent documentation, the same options can be used with Subsystem sftp internal-sftp.
-
Cano64 about 7 years
This answer doesn't work with new openssh anymore. Received unexpected end-of-file from SFTP server. See the other answer.
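
Added example (not part of the original answers or comments): a Python sketch of the point Joost and flight make above, that a umask such as the one set with -u 0002 only clears bits from the mode a client requests and never adds any. The names created_mode, CASES and compare are illustrative, and the 0666/0777 rows assume the server's default mode when the client sends no permissions.

```python
import os
import tempfile

def created_mode(requested_mode, umask, directory=False):
    """Create an entry with the mode the client asked for, under the given
    process umask, and return the permission bits the kernel actually set."""
    previous = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "upload")
            if directory:
                os.mkdir(path, requested_mode)
            else:
                fd = os.open(path, os.O_CREAT | os.O_WRONLY, requested_mode)
                os.close(fd)
            return os.stat(path).st_mode & 0o777
    finally:
        os.umask(previous)

# Constructed cases: (description, mode requested by the client, is directory).
# 0666 / 0777 stand for "client sent no permissions" (assumed server default).
CASES = [
    ("file, no mode sent", 0o666, False),
    ("file, client sends 0644", 0o644, False),
    ("file, client sends 0600", 0o600, False),
    ("directory, no mode sent", 0o777, True),
]

def compare(umasks=(0o022, 0o002)):
    """Return {description: {umask: resulting mode}} for every case."""
    return {desc: {u: created_mode(mode, u, is_dir) for u in umasks}
            for desc, mode, is_dir in CASES}

if __name__ == "__main__":
    for desc, row in compare().items():
        cells = "  ".join(f"umask {u:04o} -> {m:04o}" for u, m in row.items())
        print(f"{desc:26} {cells}")
```

The 0644 row stays 0644 under both umasks, which is the limitation Joost and flight describe.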