SFTP default umask

December 10, 2011

So I was about to configure an FTP server to let a friend upload content for a website... and then I came to my senses and remembered sftp exists. It's supported by the same graphical clients, and avoids me having to figure out SSL certificates and so on.

Next problem: we want to both edit the site. Okay, so I create a group, make it the default group for both users... and now I need to set the umask to 002 so that all group members can edit all files. There's no option in the client...

Skimming Debian bug #496843 (closed Apr 2010, thanks Colin Watson!) we can set this in sshd_config these days - no need to mess about with wrapper scripts. Very easy:

Subsystem sftp /usr/lib/openssh/sftp-server -u 002

Now all content created through the sftp client is group-writable, and owned by the default group of each user! See 'man (8) sftp-server'.

Nifty tech tag lists fromĀ Wouter Beeftink