How to specify file permission when putting a file using OpenSSH sftp command

ssh file-permissions sftp

I am using various SFTP clients for uploading files to an SFTP server and I have a problem with default permission used when putting files.

When requesting to put a file, SFTP client like WinSCP or Filezilla will send the SSH_OPEN command without requesting any explicit file permission.

On the other side, it looks like the OpenSSH sftp command on Linux (Red Hat and Ubuntu) is pending the SSH_OPEN command together with the '640' mode.

How can I configure the OpenSSH command to not explictly set the file mode or how can I configure it to send a mode, other than 640?

Many thanks!

Update:

I checked the OpenSSH sftp client source code and it looks like OpenSSH sftp will always tries to preserve file mode even if -P is not set: http://www.koders.com/c/fidD3B20680F615B33ACCB42398FAAFEE1C007DF942.aspx?s=rsa#L986

To solve this problem I used Putty SFTP client.


If an SFTP client does not specify permissions for uploaded files, the OpenSSH SFTP server assigns 0664 permissions to newly created files. That's for the default umask 0002, which you can change using the -u switch as the answer by @JimB shows.

If an SFTP client specifies the permissions, OpenSSH server uses the specified permissions (the umask does not apply).

Overview of some popular SFTP clients:

  • PSFTP: Does not allow you to set permissions for uploaded files. (But Unix version preserves files of source local file)

  • OpenSSH sftp: Does not allow you to set permissions for uploaded files. Preserves files of source local file. For details on the -P switch, see Does OpenSSH SFTP server use umask or preserve client side permissions after put command (chrooted environment)?

  • WinSCP: You can set permissions for uploaded files

    See https://winscp.net/eng/docs/ui_transfer_custom

    WinSCP transfer settings

    (I'm the author of WinSCP)

  • FileZilla: Does not allow you to set permissions for uploaded files. Server's default (umask) applies.


The sftp-server will create the new file with the default umask of the user. This can be overridden with the -u umask option to sftp-server

SFTP-SERVER(8)
     -u umask
             Sets an explicit umask(2) to be applied to newly-created files 
             and directories, instead of the user's default mask.

The client (OpenSSH sftp) can choose to preserve local permission by using the -p option, which will send the file then fchmod it appropriately.

SFTP(1) 
     -p      Preserves modification times, access times, and modes from the 
             original files transferred.

If you're strictly asking how to set a mandatory file mode with the sftp client; you can't (at least with openssh sftp-client). You will have to send a chmod after sending the file.

Related

Security Log in Event Viewer does not store IPs
Disable group policy from a workstation [closed]
What is the best way to harden Windows Server 2008 R2?
Limit total bandwidth use per user
OpenLDAP ACL to allow users to change their password
Is it possible to configure HAProxy to choose a backend server based on a request's source IP? If so, how?
What's the difference between sysadmin and an IT Consultant? [closed]
How do you manage your Mac workstations?
Should I host my entire web application using https?
DNSSEC NSEC3 opt-out
Program to snapshot changes made during an install?
Hyper-V Server - Can't UnJoin An Orphaned Domain