9/30/2015 - 7:58 AM

Setup masking for SFTP and SCP

Problem: When users place files on a server with SFTP, the umask set in /etc/profile and sticky bits set on directories are ignored.

Solution: Modify /etc/ssh/sshd_config. Find the line near the bottom that looks like:

Subsystem      sftp    /usr/libexec/openssh/sftp-server

Change it to the following, adjusting the umask as needed. This example sets permissions to 664 for files and 775 for directories:

Subsystem      sftp  /bin/sh -c 'umask 002; /usr/libexec/openssh/sftp-server'

To fix it for SCP, you also need to add the following line to /etc/pam.d/login and /etc/pam.d/sshd:

session    optional     pam_umask.so umask=0022
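
To confirm the edit before restarting sshd, the following added example (not part of the original note) parses an sshd_config for the wrapper form of the Subsystem line shown above and prints the modes that uploaded files and directories will get. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# sftp_umask FILE: print the umask set by the wrapper form
#   Subsystem sftp /bin/sh -c 'umask NNN; .../sftp-server'
# Exit status 1 if the active Subsystem line sets none.
sftp_umask() {
    awk '
        tolower($1) == "subsystem" && $2 == "sftp" {
            for (i = 3; i < NF; i++)
                if ($i ~ /umask$/) {
                    m = $(i + 1); sub(/;.*/, "", m)
                    if (m ~ /^[0-7]+$/) found = m
                }
        }
        END { if (found == "") exit 1; print found }
    ' "$1"
}

# modes_for UMASK: print "FILE_MODE DIR_MODE" for newly created entries.
modes_for() {
    printf '%03o %03o\n' "$(( 0666 & ~0$1 ))" "$(( 0777 & ~0$1 ))"
}

# audit_sftp FILE: one-line report; flags a umask that leaves files world-writable.
audit_sftp() {
    if u=$(sftp_umask "$1"); then
        w=""
        if [ "$(( 0$u & 0002 ))" -eq 0 ]; then w=" (world-writable)"; fi
        set -- $(modes_for "$u")
        echo "umask=$u files=$1 dirs=$2$w"
    else
        echo "no umask set on sftp subsystem"
        return 1
    fi
}

# Constructed sample: the commented-out default plus the wrapper line.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem      sftp  /bin/sh -c 'umask 002; /usr/libexec/openssh/sftp-server'
EOF
audit_sftp "$SAMPLE"
```

Point `audit_sftp` at /etc/ssh/sshd_config to check a live host; it only reads the file.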