SFTP – Connections and File Permissions – Part 2

In our last post, SFTP – Connections and File Permissions – Part 1, we discussed SFTP connections, file permissions and the effect of “umask”.

One thing to note is that the SFTP server binary is “/usr/libexec/openssh/sftp-server”, which we can see in the sshd config file.

I’ve also updated the “test2” user’s umask to 0077 and deleted all previous files.


SFTP files from Bastion to Client. As we can see below, the “rwx” permissions for group and others are chopped off the transferred files, which is expected.


Let’s play the game again, but this time with the SFTP server binary “internal-sftp”. I’ve updated the sftp binary in sshd_config and restarted the ssh service.


Deleted the files and did SFTP again. But this time the file permissions did not follow the umask setting, which is 0077. Switching to internal-sftp bypasses the restriction: the login shell is no longer involved, so setting the umask in sshrc, .profile, etc. fails.


So how do we make sure that “internal-sftp” follows the umask? Update the entry to “internal-sftp -u 0077” in sshd_config and restart.


Try again. As you can see below, the permissions of the files now follow the umask.
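A quick check for the gap described above, as an added example that is not part of the original post: the shell function scans sshd_config text for sftp server entries and flags any “internal-sftp” entry with no explicit -u. The sample config is constructed; checking ForceCommand lines as well as the Subsystem line goes beyond what the post shows, and the “sftponly” group is hypothetical.

```bash
# Constructed sample sshd_config (not from the original post).
sample_config() {
cat <<'EOF'
# constructed sample
Subsystem sftp /usr/libexec/openssh/sftp-server
#Subsystem sftp internal-sftp -u 0077
Match User test2
    ForceCommand internal-sftp
Match Group sftponly
    ForceCommand internal-sftp -u 0077
EOF
}

# Read sshd_config text on stdin and report every sftp server entry.
# Exit status is 1 if any internal-sftp entry has no explicit -u <umask>.
audit_sftp_umask() {
    awk '
        { sub(/#.*/, "") }          # drop comments
        NF == 0 { next }            # skip blank lines
        {
            key = tolower($1)       # sshd_config keywords are case-insensitive
            if (key == "subsystem" && $2 == "sftp") start = 3
            else if (key == "forcecommand")         start = 2
            else next

            cmd = $start
            if (cmd != "internal-sftp" && cmd !~ /\/sftp-server$/) next

            mask = ""
            for (i = start + 1; i <= NF; i++) {
                if ($i == "-u" && i < NF) mask = $(i + 1)       # form: -u 0077
                else if ($i ~ /^-u./)     mask = substr($i, 3)  # form: -u0077
            }

            if (mask != "")
                printf "OK   line %d: %s -u %s\n", NR, cmd, mask
            else if (cmd == "internal-sftp") {
                printf "WARN line %d: internal-sftp without -u\n", NR
                warn = 1
            } else
                printf "INFO line %d: %s without -u\n", NR, cmd
        }
        END { exit warn + 0 }
    '
}

sample_config | audit_sftp_umask || echo "add -u <umask> to the WARN entries"
```

To check a live host, feed it the real file instead of the sample, for example `audit_sftp_umask < /etc/ssh/sshd_config`.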


