So in our last post, “SFTP – Connections and File Permissions – Part 1”, we discussed SFTP connections, file permissions and the effect of “umask”.
One thing to note: the SFTP server binary is “/usr/libexec/openssh/sftp-server”, as we can see in the sshd config file.
I’ve also updated the “test2” user’s umask to 0077 and deleted all previous files.
SFTP files from Bastion to Client. As we can see below, the “rwx” permissions are chopped off for group and others on the transferred files, which is expected.
Let’s play the game again, but this time with the SFTP server binary “internal-sftp”. I’ve updated the sftp binary in sshd_config and restarted the ssh service.
Deleted the files and did SFTP again. But this time the file permissions did not follow the umask setting, which is 0077. Switching to internal-sftp bypasses the restriction: the login shell is no longer involved, so setting umask in sshrc, .profile, etc. fails.
So how do we make sure that “internal-sftp” follows the umask? Update to “internal-sftp -u 0077” in sshd_config and restart.
Try again. As you can see below, the permissions of the files now follow the umask.
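
A check for the situation described above, added here as an example (not code from the original post): it scans sshd_config text for SFTP server lines, flags “internal-sftp” entries that carry no “-u”, and computes the mode a new file gets under a given umask. The function names and the sample config strings are constructed for illustration; treating ForceCommand lines the same way as Subsystem lines is an assumption of this example.

```python
import shlex

# Constructed sshd_config fragments (sample input, not taken from a real host).
EXTERNAL = "Subsystem sftp /usr/libexec/openssh/sftp-server\n"
INTERNAL = "# in-process server, no login shell\nSubsystem sftp internal-sftp\n"
PINNED = "Subsystem sftp internal-sftp -u 0077\n"

def sftp_servers(config_text):
    """Return (keyword, server, umask or None) for each line that starts an SFTP server."""
    found = []
    for raw in config_text.splitlines():
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        keyword = words[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "subsystem" and len(words) > 2 and words[1] == "sftp":
            cmd = words[2:]
        elif keyword == "forcecommand" and len(words) > 1:
            cmd = words[1:]
        else:
            continue
        if not cmd[0].endswith(("internal-sftp", "sftp-server")):
            continue
        umask = None
        for i, arg in enumerate(cmd):
            if arg == "-u" and i + 1 < len(cmd):      # "-u 0077"
                umask = int(cmd[i + 1], 8)
            elif arg.startswith("-u") and len(arg) > 2:  # "-u0077"
                umask = int(arg[2:], 8)
        found.append((keyword, cmd[0], umask))
    return found

def unpinned_internal(config_text):
    """internal-sftp lines with no -u: shell startup files cannot set their umask."""
    return [s for s in sftp_servers(config_text)
            if s[1] == "internal-sftp" and s[2] is None]

def created_mode(requested, umask):
    """Mode a new file gets when the server creates it under this umask."""
    return requested & ~umask & 0o777

if __name__ == "__main__":
    for name, cfg in (("external", EXTERNAL), ("internal", INTERNAL), ("pinned", PINNED)):
        print(name, sftp_servers(cfg), "unpinned:", unpinned_internal(cfg))
    print(oct(created_mode(0o644, 0o077)), oct(created_mode(0o777, 0o077)))
```

To audit a real host, pass the contents of its sshd_config to unpinned_internal(); an empty list means every internal-sftp line sets its own umask.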