sftp umask not working

I want to set up SFTP so that when a user uploads a file, the group permissions are set to allow write. I added this setting to the sshd_config file:

Subsystem       sftp    /usr/lib/ssh/sftp-server -u 0003


I have this setting in the /etc/pam.d/common-session file:

 session optional        pam_umask.so umask=0003


But when someone uploads a file with SFTP the permissions are:

-rw-r--r-- 1 chapan users 35 May 15 10:01 x.txt


On 05/15/2013 05:16 PM, chapan wrote:
>
> I want to set up SFTP so that when a user uploads a file, the group
> permissions are set to allow write.
>
> umask=0003

i’m a little confused: you want to allow who to
change/modify/delete the uploaded file?

only the user who uploaded it? or everyone who wants to?

or, some specified group??

i ask, because all to write only is (i think) 0222
and, all to read and only owner write is 0644

and, 0003 allows no one to read the file but everyone can
write/change/delete/execute it

on the other hand, this is not my strongest area of knowledge.


dd
http://tinyurl.com/DD-Caveat

I am missing completely which version of openSUSE you use.

Also I am missing the way you call sftp. According to the

man-sftp-server

which I hope you read, says that the call is:

sftp-server [-ehR] [-f log_facility] [-l log_level] [-u umask]

and it explains further:

-u umask
Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user’s default mask.

Isn’t that functioning?

I do apologize, you posted the call and my statement is nuts :shame:

I will try to say something more to the point.

The umask is only a mask that masks off certain permission bits when a process wants to create a file and to that creating of a file belongs a set of permission bits the process likes to be given to the file created. The kernel then masks those wanted bits with the umask. That means that you can get less bits in the resulting permission set, but they can not be added by using an umask.

Thus, when on file creation, sftp-server wants to set rw-r--r--, you can make that e.g. rw-r----- with an umask of 007, but you can not add the group write bit.

It thus depends on what the ftpd-server tries to set. Using the -p option you can tell it to use the permission bits from the file to be transferred on the client (but take care, the -p option does do more things you may not want). But that would lay the task of setting the bits you want already on the user on the client, which I do not know if this is feasible.
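
The masking behaviour described in the reply above, as an added example that is not part of the original thread. It creates real files on a local POSIX filesystem and reads back their permission bits; the requested modes in `CASES` are constructed, with 0644 chosen to match the listing in the question.

```python
import os
import stat
import tempfile


def masked(requested: int, umask: int) -> int:
    """Permission bits left after the umask is applied: requested AND NOT umask."""
    return requested & ~umask & 0o777


def created_mode(requested: int, umask: int) -> int:
    """Create a real file asking for `requested` bits under `umask`; return what it got."""
    with tempfile.TemporaryDirectory() as d:  # directory is made before the umask changes
        path = os.path.join(d, "x.txt")
        old = os.umask(umask)
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
            os.close(fd)
        finally:
            os.umask(old)  # always restore the process umask
        return stat.S_IMODE(os.stat(path).st_mode)


def ls_style(mode: int) -> str:
    """Render permission bits the way `ls -l` shows them for a regular file."""
    return stat.filemode(stat.S_IFREG | mode)


# Constructed cases: (mode the creating process asks for, umask in effect)
CASES = [
    (0o644, 0o003),  # the question's setup: group write was never requested
    (0o644, 0o007),  # the reply's example: bits can be removed
    (0o666, 0o003),  # group write survives only because it was requested
]

if __name__ == "__main__":
    for requested, umask in CASES:
        got = created_mode(requested, umask)
        assert got == masked(requested, umask)
        print(f"asked {ls_style(requested)}  umask {umask:04o}  ->  {ls_style(got)}")
```

Only the third case ends up group-writable, because the creating process asked for that bit in the first place.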