ssh / sftp umask setting
 

I have (2) samba servers running (debian Lenny/samba 3.5.6/openssh 5.5p1). I need a way for remote users to have access to the shared data (0777 permissions).

We were using WinSCP, but it does not allow drive-mapping in windows. It worked with only one or two remote users, but does not really fit the bill for a rollout to 10 - 12 remote users.

I found a piece of software called ExpanDrive, which uses an ssh connection, maps it to a windows drive, and then does transfers via sftp protocol. The only issue is that ANY time a remote user writes to a file it gets permissions of 0644. I have been trying to force the umask to 0000, which (I believe) would give 0777.

I have tried setting the umask in /etc/ssh/sshd_config with:

Subsystem sftp /usr/lib/openssh/sftp-server -u 0000

This has no effect.

I have also tried setting it in PAM by adding:

session optional pam_umask.so umask=0000

to /etc/pam.s/sshd. Still no change.

I have been trying to get this to work for a few weeks, and have tried virtually everything I can find, all without success. The software vendor for ExpanDrive has been no help - they are more on the Windows side of things. I have read so many posts on this issue my head is spinning.

Everyone that needs access are on windows based machines. Any suggestions on where else to look would be greatly appreciated!

The sftp system is spawned by the root user, and takes that umask. You should be able to change it with the -u command but you say you've tried that. Maybe an alternative would be:

Subsystem sftp /bin/sh -c ‘umask 0002; /usr/lib/openssh/sftp-server’

or use a wrapper script. See the following for more details:

http://jeff.robbins.ws/articles/sett...p-transactions