sftp chroot and umask

[vh]

Folks, gurus and pundits,

I have set up a chrooted sftp environment that works fine. In the login.conf file, I set the umask for the sftp users class (there is only one) at (0)007, so I expect transferred files to be stored with permissions 770.

However, I do not get always 770 permissions. What I get seems to be a logical and between the source (local permissions) and the (remote) umask set in login.conf. Is that correct? Any clue on how to bypass this (strange?) behavior?

Thanks a lot,
Vincent

 

[mix_room]

When I was setting it up I explicitly forced the sftp-subsystem into a umask.

In sshd_config

Match User sftp-user
        ChrootDirectory /home/sftp-user
        ForceCommand    internal-sftp -u 007 -f AUTH -l VERBOSE

This was the only way I found to get the right permissions.

 

[vh]

Hi! Thanks a lot for your answer.

Match User sftp-user
        ChrootDirectory /home/sftp-user
        ForceCommand    internal-sftp -u 007 -f AUTH -l VERBOSE

I tried and got the same behavior: e.g if on my local machine I have:

-rw-r--r--  …   setup.py

after transferring with umask 007 I get:

-rw-r-----  … setup.py

That is to say a mask of the original permissions with sshd_config umask. Could it be a trick of the sftp client?

V.

 

[mix_room]

What is your sftp-subsystem set to?

In my sshd_config:

# override default of no subsystems
Subsystem       sftp    internal-sftp -f AUTH -l VERBOSE

 

[vh]

What is your sftp-subsystem set to?

In my sshd_config:

# override default of no subsystems
Subsystem       sftp    internal-sftp -f AUTH -l VERBOSE

I just have this:

# override default of no subsystems
Subsystem       sftp    internal-sftp

But the default configuration is overridden for the user I’m testing:

Match User catalogue
        ChrootDirectory /home/chroot
        ForceCommand    internal-sftp -u 007 -f AUTH -l VERBOSE
        X11Forwarding no
        AllowTcpForwarding no

Thanks for your help!
Vincent