setting umask for internal-sftp users
Will Johnston
will at ehawaii.gov
Fri Jan 9 13:58:36 EST 2009
I'm running OpenSSH 5.1p1 on openSUSE 10.3 (i586) and I want to set up chroot jails for certain
SFTP-only users. I use the following lines in my sshd_config file:

    Match Group sftponly
        ChrootDirectory /home/chroot-%u
        ForceCommand internal-sftp

It works great.

The problem is that some of my users need umask 002 for their uploads. I tried a few ways to
achieve this:

* set umask in sshrc, .profile, etc... fails because no shell is used with internal-sftp
* set the umask to 002 before launching sshd so the sftp server process will inherit it...
  fails because sshd resets umask to a minimum of 022 on startup (seems like a good idea)

My solution was to add an option for internal-sftp that sets the umask. So, I can put this in my
configuration:

    Match Group sftponly
        ChrootDirectory /home/chroot-%u
        ForceCommand internal-sftp -u 002

I've attached my patch. It's working with no problems for me.

Please consider including this change or something similar in the next release.
--
Will Johnston
Hawaii Information Consortium, LLC
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sftp-umask.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090108/c5ef31cf/attachment-0001.ksh
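
An added example, not the attached patch and not OpenSSH code: one way a server could validate an octal umask argument such as the "-u 002" proposed above, and the mode a file requested as 0666 ends up with under umask 022 versus 002. The function names and the /tmp scratch path are assumptions of this example.

```c
/* Added example (not the attached patch): validate an octal umask, show its effect. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only octal digits with a value <= 0777; return -1 otherwise. */
static long parse_umask(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '7')  /* no sign, space or empty string */
        return -1;
    errno = 0;
    v = strtol(s, &end, 8);
    if (errno != 0 || *end != '\0' || v > 0777)
        return -1;
    return v;
}

/* Create a file asking for mode `want` under umask `mask`; return its mode bits. */
static int created_mode(mode_t mask, mode_t want)
{
    char path[64];
    struct stat st;
    int fd, mode = -1;
    mode_t old = umask(mask);
    /* Constructed scratch path; O_EXCL refuses an existing file or symlink. */
    snprintf(path, sizeof(path), "/tmp/umask-demo-%ld", (long)getpid());
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, want);
    umask(old);                              /* restore the caller's umask */
    if (fd == -1)
        return -1;
    if (fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return mode;
}

int main(void)
{
    printf("umask 022 -> %04o\n", (unsigned)created_mode(022, 0666));
    printf("umask 002 -> %04o\n", (unsigned)created_mode((mode_t)parse_umask("002"), 0666));
    return 0;
}
```

With umask 002 the upload keeps its group-write bit (0664), so members of the file's group can modify it; 022 strips that bit (0644).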