sFTP file and directory permission by default
Posted: 2019/11/05 05:37:42
I've configured an sFTP server with upload-only permission as per a customer request. My SFTP setup is as below:
# vi /etc/ssh/sshd_config:
Subsystem sftp internal-sftp -l
Match Group sftpusers
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp -l
# groupadd sftpusers
# useradd -m -d /uploadonly/public -g sftpusers -s /bin/false testuser; passwd testuser
# chown root:root /uploadonly ; chown root:root /uploadonly/public
# mkdir /uploadonly/public/testuser; chown testuser:sftpusers /sftpuser/public/testuser
# vi /etc/pam.d/sshd
session optional pam_umask.so umask=0400
# systemctl restart sshd
Logging in as testuser from an sftp client, I can upload a file with permission --w-rw-rw- (which looks OK), and for a directory the permission becomes d-wxrwxrwx.
The issue is: how do I change the permission to drwxrw-rw- for newly created directories by default? With the current d-wxrwxrwx, testuser can't cd into a new directory and upload files to it. The OS is CentOS 7, please help.
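The two modes reported in the post are what umask=0400 produces when a file is requested with 0666 and a directory with 0777. The following is an added example, not part of the original post; it assumes Linux and those two requested modes (an assumption about what the SFTP server asks for), creates both objects under a given umask, and searches for a single umask that would give the wanted pair.

```python
import os
import stat
import tempfile

def modes_under_umask(mask, file_req=0o666, dir_req=0o777):
    """Create a file and a directory under `mask`; return their mode bits.

    file_req and dir_req are assumed requested modes. The kernel stores
    requested & ~umask for both kinds of object.
    """
    base = tempfile.mkdtemp()          # created before the umask changes
    fpath = os.path.join(base, "upload.bin")
    dpath = os.path.join(base, "newdir")
    old = os.umask(mask)
    try:
        os.close(os.open(fpath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, file_req))
        os.mkdir(dpath, dir_req)
        fmode = stat.S_IMODE(os.stat(fpath).st_mode)
        dmode = stat.S_IMODE(os.stat(dpath).st_mode)
    finally:
        os.umask(old)
        # Removal only needs write+search on `base`, not on the new objects.
        if os.path.exists(fpath):
            os.unlink(fpath)
        if os.path.isdir(dpath):
            os.rmdir(dpath)
        os.rmdir(base)
    return fmode, dmode

def render(mode, is_dir):
    """Format mode bits the way `ls -l` shows them."""
    return stat.filemode(mode | (stat.S_IFDIR if is_dir else stat.S_IFREG))

def umasks_giving(file_want, dir_want, file_req=0o666, dir_req=0o777):
    """All umasks that yield both wanted modes from the requested modes."""
    return [m for m in range(0o1000)
            if file_req & ~m == file_want and dir_req & ~m == dir_want]

if __name__ == "__main__":
    f, d = modes_under_umask(0o400)    # the value set in /etc/pam.d/sshd
    print(render(f, False), render(d, True))
    # Files --w-rw-rw- (0266) together with directories drwxrw-rw- (0766):
    print([oct(m) for m in umasks_giving(0o266, 0o766)])
    # Directories drwxrw-rw- if files may keep owner read (0666):
    print([oct(m) for m in umasks_giving(0o666, 0o766)])
```

The first search comes back empty because the owner-read bit would have to be masked for files and left alone for directories, which one umask cannot do.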