sftp setting umask issue

MikeL_4 — Fri, 18 May 2012 16:40:18 GMT

We are running Red Hat Version 5.7 on our servers...

I've set the subsystem sftp line in /etc/ssh/sshd_config.conf to set the umask for file being dropped on the server to permissions of 664

Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002
and restarted sshd services afterwards..

However when I test it and do an sftp to the server I get connection closed:

-> sftp logftp0@apsclog1
Connecting to apsclog1...
Connection closed
[19:55:24] /home/.....
->

I remove the '-u 0002' from the Subsystem line, and sftp allows logins again via sftp..

The ultimate goal is that all files that are put onto the server via sftp have '664' permissions...

Can anyone tell me what I may be missing here ???

Re: sftp setting umask issue

corydd — Fri, 15 Jun 2012 14:26:31 GMT

I had a slightly more complicated problem in that I had to use different umask settings depending on what user was connecting. I wrote a shell script that reads a configuration file to find the umask value, then call the sftp systems.

/usr/local/jobs/ssh_wrapper ----------------------------------------

#!/bin/ksh

CFGFILE=$(dirname $0)/$(basename $0).cfg

LOG=$(egrep -cl '^[[:space:]]*\#\$[[:space:]LOG[[:space:]]*=[[:space:]]*1[[:space:]]*$' $CFGFILE)

if [[ -r $CFGFILE ]]
then
        LINE=$(grep "^[[:space:]]*$USER[[:space:]]*[0-7]*" $CFGFILE | tail -n 1)
        if [[ x$LINE != x ]]
        then
                UMASK=$(echo $LINE | awk ' {print $2}')
                if [[ $LOG -gt 0 ]]
                then
                        logger $USER: Setting umask to $UMASK $$0 $*$
                fi
                umask $UMASK
        fi
fi

if [[ $# -eq 0 ]]
then
        exec /opt/ssh/libexec/sftp-server
else
        exec $*
fi
------------------------------------------------

The configuration file is named the same as the wrapper script, with a .cfg extension. Here's an example:

------------------------------------------------

#$ LOG = 0
user1 0113
------------------------------------------------

If the LOG value is non-zero, the script calls logger to send messages to syslog.

The wrapper is configured in sshd_config:

Subsystem sftp /usr/local/jobs/ssh_wrapper

topic Re: sftp setting umask issue in Operating System - Linux

sftp setting umask issue

Re: sftp setting umask issue