On Wed, Oct 23, 2013 at 10:52:51AM +0300, Lars Noodén wrote: > This is on OpenSSH_6.3 from current. If I interpret the man page for > sftp-server(8) correctly, the option -u should set an explicit umask. > What looks like is happening instead is that the umask is OR'ed with an > established value. How do I set or override that initial umask? > > What's happening is that with -u, > I can make a more restrictive setting: > > for example, tightening umask down: > Match group foo > ForceCommand internal-sftp -u 777 > > gives: > ---------- 1 foo foo 29 Oct 23 10:37 umask777 > > but opening umask up > Match group foo > ForceCommand internal-sftp -u 000 > > gives: > -rw-r--r-- 1 foo foo 29 Oct 23 10:36 umask000 > > What I was expecting for -u 000 would have been > > -rw-rw-rw- 1 foo foo 29 Oct 23 10:35 umask000 > > What have I misconfigured? > > Regards, > /Lars
I saw the same and I'm not sure how it should exactly work. Maybe it is only working when explicitly setup in 'Subsystem' line. Although it is works like this, I would like to be able to "override" it anyway inside a Match block. jbelke
