SFTP – Connections and File Permissions – Part 2

In our last post, “SFTP – Connections and File Permissions – Part 1”, we discussed SFTP connections, file permissions and the effect of “umask”.

One thing to note is that the SFTP server binary is “/usr/libexec/openssh/sftp-server”, which we can see in the sshd config file.

I’ve also updated the “test2” user’s umask to 0077 and deleted all previous files.

SFTP_Client2.JPG

SFTP the files from Bastion to Client. As we can see below, the “rwx” permissions are chopped off for group and others on the transferred files, which is expected.

SFTP_Client3

Let’s play the game again, but this time with the SFTP server binary “internal-sftp”. I’ve updated the sftp binary in sshd_config and restarted the ssh service.

SFTP_Client4.JPG

I deleted the files and ran SFTP again, but this time the file permissions did not follow the umask setting, which is 0077. Switching to internal-sftp bypasses the restriction: the login shell is no longer involved, so setting the umask in sshrc, .profile, etc. has no effect.

SFTP_Client5.JPG

So how do we make sure that “internal-sftp” follows the umask? Update the setting to “internal-sftp -u 0077” in sshd_config and restart.

SFTP_Client6.JPG

Try again. As you can see below, the permissions of the files now follow the umask.

SFTP_Client7.JPG
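A check for the situation described above, added here as an example and not part of the original post: it scans an sshd_config-style file and flags any “Subsystem sftp” or “ForceCommand” line that runs internal-sftp without “-u”. The function name check_sftp_umask and the sample config are constructed for illustration, and the script assumes whitespace-separated directives.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# check_sftp_umask FILE
#   Prints one line per "Subsystem sftp" / "ForceCommand" directive that runs
#   internal-sftp: OK when an explicit "-u <umask>" is set, WARN when it is not
#   (the login shell umask is then not applied to uploaded files).
#   Returns 0 if every internal-sftp directive sets -u, 1 otherwise.
check_sftp_umask() {
    awk '
        /^[[:space:]]*#/ { next }                     # skip comment lines
        {
            kw = tolower($1)                          # keywords are case-insensitive
            if (kw == "subsystem" && tolower($2) == "sftp") start = 3
            else if (kw == "forcecommand")                  start = 2
            else next
            if ($start != "internal-sftp") next       # external sftp-server: not checked here
            mask = ""
            for (i = start + 1; i <= NF; i++) {
                if ($i == "-u" && i < NF)      mask = $(i + 1)      # "-u 0077"
                else if ($i ~ /^-u[0-7]+$/)    mask = substr($i, 3) # "-u0077"
            }
            if (mask == "") { printf "WARN line %d: %s\n", NR, $0; bad = 1 }
            else              printf "OK line %d: umask %s\n", NR, mask
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample config: one directive without -u, one with it.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server config
Subsystem sftp internal-sftp
Match User test2
    ForceCommand internal-sftp -u 0077
EOF
}

demo_file=$(mktemp)
sample_config > "$demo_file"
check_sftp_umask "$demo_file" || echo "at least one internal-sftp line has no -u"
rm -f "$demo_file"
```

Point it at a copy of the real sshd_config to use the non-zero exit status in a configuration audit.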
