OpenSSH 5.3 setting UMASK for SFTP chroot env doesn't work at all


If you do not want the patch solution, here is another workaround:

In sshd_config:

# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/local/bin/sftpwrapper

# And the Match Group, ChrootDirectory, etc... declarations

And in /usr/local/bin/sftpwrapper (chmod 755, chown root:root):

#!/bin/bash --
# Set the umask before sftp-server starts; 0002 leaves new files group-writable.
umask 0002
# Replace this shell with sftp-server so it inherits the umask set above.
exec /usr/lib/openssh/sftp-server

Users in the chrooted group can still have /bin/false as their shell.
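An added example (not from the answer or from OpenSSH): a POSIX shell checker for the sftpwrapper setup, assuming a Linux host with GNU stat and the paths used above; the function names are hypothetical helpers, not sshd options.

```shell
#!/bin/sh
# Added example (not from the answer or from OpenSSH): checks for the
# sftpwrapper setup. Assumes Linux with GNU stat; function names are
# hypothetical helpers, not sshd options.

# jail_mode_ok UID MODE: sshd only honours ChrootDirectory when every path
# component is owned by root and not writable by group or others.
jail_mode_ok() {
  [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_jail DIR: apply jail_mode_ok to DIR and each parent up to /.
check_jail() {
  d=$1
  while [ -n "$d" ] && [ "$d" != / ] && [ "$d" != . ]; do
    jail_mode_ok "$(stat -c %u "$d")" "$(stat -c %a "$d")" || return 1
    d=$(dirname "$d")
  done
}

# check_wrapper JAIL WRAPPER: with ChrootDirectory, sshd chroots before it
# runs the Subsystem command, so the wrapper, the interpreter on its #! line
# and the sftp-server it execs must all be executable inside JAIL (the usual
# cause of a "/bin/bash not found" failure). The user's login shell is run
# inside the jail as well, as "shell -c command", so it must be there too.
check_wrapper() {
  jail=$1 wrapper=$2
  [ -x "$jail$wrapper" ] || return 1
  interp=$(sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$jail$wrapper")
  target=$(sed -n 's/^exec[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' \
    "$jail$wrapper")
  [ -n "$interp" ] && [ -x "$jail$interp" ] || return 1
  [ -n "$target" ] && [ -x "$jail$target" ]
}

# probe_umask UMASK: print the octal mode a new file gets under UMASK, i.e.
# what an upload through a wrapper that sets that umask would end up with.
probe_umask() {
  t=$(mktemp -d) || return 1
  ( umask "$1" && : > "$t/f" && stat -c %a "$t/f" )
  rc=$?
  rm -rf "$t"
  return $rc
}
```

probe_umask shows the mode an upload gets: 0002 yields 664, the group-writable result the answer is after, while the common default of 0022 yields 644.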

Author: emaaaa

Updated on September 18, 2022

Comments

  • emaaaa, almost 2 years

    I tried to override the umask setting on an SFTP connection in a chrooted env. I couldn't use a subsystem different from internal-sftp.

    In OpenSSH_5.3p1 (Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009) there's a umask setting directly from the command.

    How are you able to set it?

    My sshd config is:

    Match User myuser
    ChrootDirectory /mnt/jail/myuser/
    AllowTCPForwarding no
    X11Forwarding no
    #ForceCommand /usr/lib/openssh/sftp-server -l DEBUG3
    #ForceCommand /bin/sh -c 'umask 002; /usr/lib/openssh/sftp-server'
    ForceCommand internal-sftp -u 002

    Anyway, it doesn't work.

  • emaaaa, about 13 years
    I couldn't fix the sshd daemon with sftpfilecontrol. BTW, I've tried to insert pam_umask but it seems it doesn't work.
  • emaaaa, about 13 years
    I've tried even this solution, but sftp-server couldn't start from sshd, and when I tried to use Cyberduck, sftp-server responded with "/bin/bash not found" and didn't accept any connection.
  • Cakemox, about 13 years
    I was able to get it to work putting the pam_umask line at the top of /etc/pam.d/sshd and restarting. I'm using /usr/lib/openssh/sftp-server; I didn't try it with internal-sftp.
  • poisonbit, about 13 years
    You can change the first line to something like "#!/usr/bin/env bash" or the right path to the bash interpreter on your server.
  • emaaaa, about 13 years
    Sorry @poisonbit, I catch this error when I try to log in with a user without a shell. It should say nothing, but ...