IBM Support

Changing the sftp umask for a single or group of users.

Troubleshooting


Problem

How to change the sftp umask for a single or group of users.

Resolving The Problem

To change the sftp umask for a single user or a group of users. Edit the /etc/ssh/sshd_config file and add the following.

NOTE: Openssh version needs to be at 5.4p1 or higher.
NOTE: The umask needs to be converted from Octal to Decimal.

Example:
A umask of 111 in Octal will yield 73 in decimal, which we
will use in this example.

#vi /etc/ssh/sshd_config
Add the following two lines at the end of the file to configure the sftp umask for a group of users.

Match Group  <group name>
ForceCommand  internal-sftp  -u 73

Or, add the following two lines at the end of the file to configure the sftp umask for a single user.

Match User   <user name>
ForceCommand  internal-sftp -u 73

Restart the sshd daemon.

#stopsrc -s sshd

#startsrc -s sshd

Test it from the client.
------------------------
Create a file on sftp client and change permissions to 777.
#touch tst2
#chmod 777 tst2
# ls -l tst2
-rwxrwxrwx    1 root   system    0 Nov 17 12:58 tst2

sftp [email protected]
Connecting to test.austin.ibm.com...
[email protected]'s password:
sftp> put tst2
Uploading tst2 to /home/user/tst2
tst2  100%    0     0.0KB/s   00:00


On the sftp server test.austin.ibm.com the permissions of the new tst2 file should be 666.
-------------------------------------------------------------
ls -l tst2
-rw-rw-rw-    1 user      staff     0 Nov 17 13:49 tst2

NOTE: You cannot use the umask on sftp to change the permission on a file to be less restrictive than the original file.

[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"}],"Version":"5.3;6.1","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":"AIX 6.1"}],"Version":"","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
17 June 2018

UID

isg3T1012565