I've configured an sFTP server with upload-only permission as per the customer's request; my SFTP setup is as below:
# vi /etc/ssh/sshd_config:
Subsystem sftp internal-sftp -l
Match Group sftpusers
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp -l
# groupadd sftpusers
# useradd -m -d /uploadonly/public -g sftpusers -s /bin/false testuser; passwd testuser
# chown root:root /uploadonly ; chown root:root /uploadonly/public
# mkdir /uploadonly/public/testuser; chown testuser:sftpusers /uploadonly/public/testuser
# vi /etc/pam.d/sshd
session optional pam_umask.so umask=0400
# systemctl restart sshd
Logging in as testuser from an sftp client, I can upload a file with permission --w-rw-rw- (which looks OK), and for a directory the permission becomes d-wxrwxrwx.
The issue is how to change the permission to drwxrw-rw- for newly created directories by default? Because with the current d-wxrwxrwx, testuser can't cd and upload files to the new directory. The OS is CentOS 7, please help.
sFTP file and directory permission by default
Re: sFTP file and directory permission by default
session optional pam_umask.so umask=0400
"4" = not read.
You may want to try something like: umask=0002
Re: sFTP file and directory permission by default
As per the request, no file in sFTP should be downloadable by default; that's why I put 0400. With 0002, the user can still download a file after uploading it. Correct me if I'm wrong.
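
Added example, not part of any post in this thread: a shell check of which modes a umask yields for a new file and a new directory, reproducing the --w-rw-rw- and d-wxrwxrwx reported for 0400 and showing what 0002 gives instead. The helper names are made up for this illustration, and it works in a scratch directory rather than through sshd.

```shell
#!/bin/sh
# Added example (not from the thread): show the modes a given umask produces.
# octal_mode and modes_under_umask are hypothetical helper names.

# Print the octal permission bits of a path (GNU stat, with a BSD fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# modes_under_umask UMASK -> prints "<file mode> <directory mode>"
modes_under_umask() {
    (
        # Create the scratch directory before changing the umask, because
        # its own 0700 mode would otherwise lose bits to the mask as well.
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/f"        # plain file: requested as 0666, mask bits cleared
        mkdir "$tmp/d"      # directory: requested as 0777, mask bits cleared
        printf '%s %s\n' "$(octal_mode "$tmp/f")" "$(octal_mode "$tmp/d")"
        rm -f "$tmp/f"
        rmdir "$tmp/d" "$tmp"
    )
}

# 0400 and 0002 are the two values discussed in the thread; 0022 is a
# common default added for comparison.
for mask in 0400 0002 0022; do
    printf 'umask=%s -> file dir: %s\n' "$mask" "$(modes_under_umask "$mask")"
done
```

The same mask is applied to files and directories, so a single umask value cannot clear the owner read bit on files while leaving it set on directories.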