Setting umask for sshfs mount
Solution 1
From sshfs
manual:
-o umask=M
set file permissions (octal)
Note the manual mentions the option name is umask
. So it is not the same values you would use in chmod
, where 7
means rwx
(binary 111
). Instead, umask
is a mask, as the name says.
For fuse
, this mask is used as an inversion of the desired permission.
Then, from http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses#General_working_of_umask, we get the following:
[umask i]s a template-mask. Is as a chmod inverse, because is used for shading the permissions to be set when creating files and directories. As higher is the octal value, more restrictive (at binary level a bit 1 shades an attribute and a bit 0 allows it).
0 allows rwX
1 allows rw-
2 allows r-X
3 allows r--
4 allows -wX
5 allows -w-
6 allows --X
7 allows ---
So, if you supply 0022
, the permission will go as follows:
- AND with
0777
(see umask man page) to consider only "user", "group" and "others" permissions (i.e. discard first part of the mask).
000 000 010 010 -> 0022
AND
000 111 111 111 -> 0777
=
000 000 010 010 -> 0022
- Invert the three permissions.
000 010 010 -> 022
becomes
111 101 101 -> 755
If you don't want the files to be executable, but want them to be readable and writable (chmod 666
), you should set umask
to:
110 110 110 = 666 <- chmod value
001 001 001 = 111 <- umask value
Solution 2
The umask
sshfs option only deals with how the remote files appear to you on your local system, this shed some light on the issue for me: serverfault.com/q/228396, a desired umask of 0002 for remotely created files and folders was achieved with:
Lines appended to /etc/pam.d/sshd
on the remote system:
# Setting UMASK for all ssh based connections (ssh, sftp, scp)
session optional pam_umask.so umask=0002
This one has been a long-running issue for me, cheers.
masavini
Updated on June 04, 2022Comments
-
masavini almost 2 years
If I mount the sshfs server with no umask, i get
-rw-rw-r--
on new created files. If I try and open a php file on the server on my browser, i get this error:Incorrect file/directory permissions: Above 755. In order files to be processed by the webserver, their permissions have to be equal or below 755.
So I tried with
umask=0022
: the new created files have-rwxr-xr-x
. These permissions are fine, as the error above does not appear anymore. However, I can't understand why the new files are set as executables...Could you please explain? Many thanks...
-
Kangur over 7 yearsIf setting non-executable umask bit it won't be possible to list directories.
-
MountainX over 6 yearsSee comment on unix.stackexchange.com/q/290212 The umask option for sshfs goes down to the underlying fuse layer where it's handled wrongly. afaict the advice is to avoid it. – Ralph Rönnquist Jun 17 '16 at 7:56
-
Smar over 3 yearsSadly, fuse/sshfs does not support dmask nor fmask.
-
JMC almost 3 yearsThis is wrong or confusing. The mask is FIRST inverted, and then AND is applied to find the resulting permissions. Your example happens to yield the same result because your starting value is 777 and X AND 1 = X. But the correct function is different: See en.wikipedia.org/wiki/Umask#How_the_mask_is_applied