HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
Showing results for 
Search instead for 
Did you mean: 

Set umask for specific sftp users

Go to solution
Fernando Boza
Regular Advisor

Set umask for specific sftp users

How I can Set umask for certain sftp users?
Steven E. Protter
Exalted Contributor

Re: Set umask for specific sftp users


sftp if part of openssh respects user umask, unless overridden in sshd_config for the daemon.

It will never transfer a file as executable.

Steven E Protter
Owner of ISN Corporation
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bill Hassell
Honored Contributor

Re: Set umask for specific sftp users

Actually, sftpd (the remote side daemon) sets the umask value, similar to ftp. However, there appears to be a couple of useful options in sftpd. See man sshd_config. There are two options in the sshd_config file:

PermitUserEnvironment yes
SftpUmask 027

According to the sshd_config man page, if a local user's environment is permitted, then $HOME/.ssh/environment is read and the values are put in place. I could not get this to work with HP's sshd A.04.20.009. It appeared that the user environment was not implemented.

However, SftpUmask 027 in the sshd_config file did work as expected. As Steven said, the execute bit will never be set. However, the sshd directive is global -- all user files will have the sshd_config umask.

Since you have sftp working, you might consider using scp instead which is ideal for scripts. With scp, you can specify -p to preserve the mode on the remote side.

Bill Hassell, sysadmin
Fernando Boza
Regular Advisor

Re: Set umask for specific sftp users

hi Bill

which line should I put the file environment?
Bill Hassell
Honored Contributor

Re: Set umask for specific sftp users

The man pages say that you can put environment values in the file so what I did was:

echo "SftpUmask 027" > $HOME/.ssh/environment

This assumes that you are logged in as a user. Or replace $HOME with the location of the user's home directory. Be sure to set owner and permissions to: 600. But as I said, this had no effect. The SfpUmask did work in the sshd_config but sets umask for all sftp transfers.

Bill Hassell, sysadmin