set umask for sftp connection

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I'm using WSFtp pro on Windows to sftp files onto a Solaris 8 system
with OpenSSH 3.4p1. On the solaris system, my umask is 002 (wherever I
possibly can look for it). However, when copying files, these have a
permission of 644, which imho is not set by the unix system.
Therefore, it must be the sftp program, which sets this mask. Although
there should be a possibility to change file permissions in WSFtp
(according to the manual), this doesn't work. I neither don't want to
change permissions of all my files after uploading; this would be to
much useless work.

Question: Is there a possibility to override the umask of WSFtp by the
solaris system? Maybe in ssh or sftp config file? If this is possible,
how exactly is it done?
I have scrutinized all manuals of WSftp pro (they don't seem to be
satisfying) and also the Google Groups. None of the hints I got are

Thanks for your help

Re: set umask for sftp connection

Pat Buerki wrote:
Quoted text here. Click to load it

Should upgrade to 3.8.1.p1 - see

Quoted text here. Click to load it

You mean it's 002 but you have no idea how to confirm it>

Try adding

    umask 002

to the top of your $HOME/.cshrc file.

sftp should use the UNIX shell to set the permissions.

Re: set umask for sftp connection (Pat Buerki) wrote in message
Quoted text here. Click to load it

ssh takes the umask of the parent sshd process, which would normally
be inherited from init, unless restarted by hand.
So probably since sshd runs as root it's taking the default umask from
root, and not the user in the session.

Quoted text here. Click to load it

Some clients give the option to set default permissions for uploads,
or to preserve permissions for uploaded files from the client; most of
them don't.

Quoted text here. Click to load it

As stated above, the client takes the umask from the ssh daemon. So
just insert the command 'umask 002' (or the desired umaks value) into
start_service() routine in /etc/init.d/opensshd
At least this works. However, I'm not sure if this solution has any
severe disadvantages. If you know more, please let me know.

Re: set umask for sftp connection

Quoted text here. Click to load it

OpenSSH 3.7x and up will pick up the user's umask from /etc/default/login
on platforms that have it (like Solaris).

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: set umask for sftp connection

Tucker) writes:
Quoted text here. Click to load it

Maybe it should also be pointed out that files being created with 644 in
no way rules out that the umask actually *is* 002 (as apparently desired
by the OP). I believe sftp will (try to) preserve the permissions of the
source file - if it is 644, it neither will nor should become 664 at the
destination just because the umask there is 002. (Arguably if sftp tries
to preserve permissions, it should actively "disobey" the umask by chmod
after creation - but even if it doesn't, umask can of course only ever
*clear* bits.)

--Per Hedeland

Site Timeline