How do I set default permissions for SFTP for an Ubuntu Server?

Solution 1

In /etc/ssh/sshd_config, change the following:

Subsystem sftp /usr/lib/openssh/sftp-server

to:

Subsystem sftp /bin/sh -c 'umask 0002; exec /usr/lib/openssh/sftp-server'

Source: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions

Solution 2

In /etc/ssh/sshd_config, you can pass a flag and value in (-u 0002) like the following to set the umask value:

Subsystem sftp /usr/lib/openssh/sftp-server -u 0002

Append the -u 0002 to the existing Subsystem sftp line of the configuration file.

Afterwards, you will need to restart ssh for the changes to take effect:

service ssh restart
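
Added example (not part of either answer): this Python script creates files under a given umask and reads back the stored mode, showing that the umask set for sftp-server only clears bits from the mode the client requests and never adds any. The requested modes in CASES are constructed samples, and the script assumes a POSIX system with no default ACL on the temporary directory.

```python
import os
import tempfile


def created_mode(requested, umask, directory=False):
    """Create a file or directory asking for `requested` permission bits
    while `umask` is active, and return the bits the kernel stored."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "upload")
            if directory:
                os.mkdir(path, requested)
            else:
                fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, requested)
                os.close(fd)
            # Keep only rwx bits so an inherited setgid bit does not show up.
            return os.stat(path).st_mode & 0o777
    finally:
        os.umask(old)  # always restore the caller's umask


# Constructed cases: (description, mode the client asks for,
#                     umask text as written in sshd_config, is directory)
CASES = [
    ("new file, client asks for 0666", 0o666, "0002", False),
    ("same, umask written as 02", 0o666, "02", False),
    ("client asks for 0644 (no group write)", 0o644, "0002", False),
    ("new directory, client asks for 0777", 0o777, "0002", True),
    ("stricter umask removes group write", 0o664, "0027", False),
]


def run_cases():
    """Return (description, resulting mode) for every constructed case."""
    return [(desc, created_mode(req, int(um, 8), is_dir))
            for desc, req, um, is_dir in CASES]


if __name__ == "__main__":
    for desc, mode in run_cases():
        print(f"{desc:40} -> {mode:04o}")
```

The third case is the one to watch: a file requested as 0644 stays 0644 under umask 0002, so group write is not forced on it.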

Author by

wag2639

Updated on September 17, 2022

Comments

  • wag2639 almost 2 years

    We have an Ubuntu 10.04 server. How can I set it so that new files created (or copied) over SFTP or SSH have g+rw and g+rwx permissions (where appropriate)?

    I'm also using setgid (chmod g+s) so that they inherit the proper group owner.

  • user1686 about 14 years
    It's better to put an exec before the final /usr/.../sftp-server, so that you won't have useless sh processes lying around.
  • user1686 about 14 years
    Also, an umask is just a number; 0002 can be written shorter as 02.
  • user1686 about 14 years
    Yes, umasks are octal. That doesn't mean you need three leading zeroes - one is enough. (In fact, the umask command doesn't need any leading zeroes, it always reads the argument as an octal number.) ... But on second thought, maybe 0002 is clearer to understand.
  • Andrew B over 11 years
    This only applies to newer versions of OpenSSH, but should be the preferred solution where possible.
  • Joost almost 9 years
    This only works if you need more restrictive permissions than what is set by the client, not more loose.
  • flight almost 9 years
    As Joost said, this doesn't help to force group-write permissions. It would help to forbid group-write.
  • underscore_d over 8 years
    According to recent documentation, the same options can be used with Subsystem sftp internal-sftp.
  • Cano64 about 7 years
    This answer doesn't work with new openssh anymore. Received unexpected end-of-file from SFTP server. See the other answer.