[SFTP] Possibility for Adding "ForceFilePermission" option
jjelen at redhat.com
Mon Dec 18 23:03:44 AEDT 2017
On Thu, 2017-12-14 at 10:26 -0600, House Lee wrote:
> I understand that if I specify `ForceCommand internal-sftp -u
> <umask>`, the permission of any files uploaded via sftp will be
> calculated by `<original permission> & ~umask`. However, this can be
> bypassed by the `-P` option of `put` command. We are developing a
> shared hosting platform, therefore we definitely don’t want our users
> being able to upload any executable files. We can not disable the x
> permission by umask because directories need the x permission.
> Is there any possible way to accomplish this? or is it possible to
> add a `ForceFilePermission` and `ForceDirPermission` option in the
> sshd_config ?
> Thanks & Best Regards,
during last month, there were already two emails in this mailing list
discussing this issue:
The patch exists here since 2010 and it is currently used in
Fedora/RHEL to a great satisfaction, though it was never accepted by
upstream nor there was any official statement if they will eventually
accept this change or why not (and in which I would be greatly
Best advise I have is to pull that patch from the linked thread above.
Or have some script that is fixing the files permissions upon upload.
Red Hat, Inc.
More information about the openssh-unix-dev