Setting umask for sshfs mount


Solution 1

From sshfs manual:

   -o umask=M
          set file permissions (octal)

Note that the manual gives the option name as umask, so these are not the same values you would use in chmod, where 7 means rwx (binary 111). Instead, umask is a mask, as the name says.

For fuse, this mask is used as an inversion of the desired permission.

Then, from http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses#General_working_of_umask, we get the following:

[umask i]s a template-mask. Is as a chmod inverse, because is used for shading the permissions to be set when creating files and directories. As higher is the octal value, more restrictive (at binary level a bit 1 shades an attribute and a bit 0 allows it).

0 allows rwX
1 allows rw-
2 allows r-X
3 allows r--
4 allows -wX
5 allows -w-
6 allows --X
7 allows ---

So, if you supply 0022, the permission will go as follows:

  1. AND with 0777 (see umask man page) to consider only "user", "group" and "others" permissions (i.e. discard first part of the mask).

000 000 010 010 -> 0022

AND

000 111 111 111 -> 0777

=

000 000 010 010 -> 0022

  2. Invert the three permissions.

000 010 010 -> 022

becomes

111 101 101 -> 755

If you don't want the files to be executable, but want them to be readable and writable (chmod 666), you should set umask to:

110 110 110 = 666 <- chmod value
001 001 001 = 111 <- umask value

Solution 2

The umask sshfs option only deals with how the remote files appear to you on your local system; this shed some light on the issue for me: serverfault.com/q/228396. A desired umask of 0002 for remotely created files and folders was achieved with:

Lines appended to /etc/pam.d/sshd on the remote system:

# Setting UMASK for all ssh based connections (ssh, sftp, scp)
session    optional     pam_umask.so umask=0002

This one has been a long-running issue for me, cheers.
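As an added example (not part of either answer), this Python sketch contrasts the two masks discussed above: the sshfs -o umask=M option, modelled as Solution 1 describes it, and a process umask such as the one pam_umask sets in Solution 2. The function names, the usual 0666/0777 creation modes and the bitwise reading of the "Above 755" error are assumptions.

```python
import stat

def fuse_umask_mode(umask, is_dir=False):
    """Mode shown locally on a mount made with -o umask=M.

    Models what Solution 1 describes: the permission bits of every entry
    are replaced by 0777 & ~M, whatever the remote mode or file type.
    """
    kind = stat.S_IFDIR if is_dir else stat.S_IFREG
    return kind | (0o777 & ~umask)

def process_umask_mode(umask, is_dir=False):
    """Mode a newly created entry gets under a process umask (pam_umask case).

    Assumes the usual requested modes: 0666 for files, 0777 for directories.
    """
    kind, requested = (stat.S_IFDIR, 0o777) if is_dir else (stat.S_IFREG, 0o666)
    return kind | (requested & ~umask & 0o777)

def show(mode):
    """ls-style string, e.g. '-rwxr-xr-x'."""
    return stat.filemode(mode)

def bits_beyond(mode, ceiling=0o755):
    """Permission bits set in mode that ceiling does not allow.

    Assumption: the 'Above 755' error is a bitwise check like this one.
    """
    return mode & 0o777 & ~ceiling

if __name__ == "__main__":
    for m in (0o022, 0o111, 0o002):
        print(f"umask {m:04o}: sshfs file {show(fuse_umask_mode(m))}  "
              f"sshfs dir {show(fuse_umask_mode(m, True))}  "
              f"created file {show(process_umask_mode(m))}  "
              f"created dir {show(process_umask_mode(m, True))}")
    print(f"0664 beyond 0755: {bits_beyond(0o664):03o}")
```

The 0111 row shows directories losing their x bit as well, and the last line shows that 0664 exceeds 0755 only through the group-write bit.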

Author by

masavini

Updated on June 04, 2022

Comments

  • masavini
    masavini almost 2 years

    If I mount the sshfs server with no umask, I get -rw-rw-r-- on newly created files. If I try to open a PHP file on the server in my browser, I get this error:

    Incorrect file/directory permissions: Above 755.
    In order files to be processed by the webserver, their permissions have to be equal or below 755. 
    

    So I tried with umask=0022: the newly created files have -rwxr-xr-x. These permissions are fine, as the error above does not appear anymore. However, I can't understand why the new files are set as executable...

    Could you please explain? Many thanks...

  • Kangur
    Kangur over 7 years
    If you set a non-executable umask bit, it won't be possible to list directories.
  • MountainX
    MountainX over 6 years
    See comment on unix.stackexchange.com/q/290212 The umask option for sshfs goes down to the underlying fuse layer where it's handled wrongly. afaict the advice is to avoid it. – Ralph Rönnquist Jun 17 '16 at 7:56
  • Smar
    Smar over 3 years
    Sadly, fuse/sshfs does not support dmask nor fmask.
  • JMC
    JMC almost 3 years
    This is wrong or confusing. The mask is FIRST inverted, and then AND is applied to find the resulting permissions. Your example happens to yield the same result because your starting value is 777 and X AND 1 = X. But the correct function is different: See en.wikipedia.org/wiki/Umask#How_the_mask_is_applied