Ssh Umask

Posted : admin On 1/2/2022
So we're trying to set up an ssh server for a client that automatically applies a umask to a directory that allows for all uploaded files to automatically take on 002.
We can't use ACLs for this since it's an NFS4 mount point and NFS4_acl is not working for some reason.
Here is what we've tried.
Creating a custom login shell that forces umask 002 and putting it in /bin/set-umask. I am able to sftp in but when I put a file up to the server it uploads it in mode 0644 so that doesn't work.
I tried setting in openssh to force -u 002.
We're using subsystem sftp internal-sftp by the way.
Adding a -u 002 does not work for whatever reason. OpenSSH version is 5.3. OS version is RHEL 6.
We tried adding in pam.d/login pam.d/sshd to force umask using
session optional umask.so umask=002
This also does not work.
Basically we need for this to work. We are not allowing the sftp users to have an interactive shell so .profile, .bashrc, .bash_profile are not options and we don't want to set it system wide as it will mess with regular ssh users.
Does anyone have any advice on the best way to get this working?

# umask newumaskvalue
# umask 0077
You can verify the same using the umask command. To permanently set the umask value for file/directory creation, add the umask value to ~/.bashrc or ~/.bash_profile, since these files are executed every time you log in and apply the new umask. Since umask is inherited from the parent process, on a Slackware system that uses /etc/rc.d/rc.sshd to start/stop/restart sshd, you could simply place umask 0027 on a line by itself directly above 'sshd_start' or 'sshd_restart', or alternatively, at any point before the main execution section begins, in.
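Added example (not part of the original page): a shell sketch of the two rules in play above. A child process inherits its parent's umask, and the mode stored on disk is the requested mode with the umask bits cleared, so a umask can remove permission bits but never add them. The function names are illustrative, the 0644 request stands in for a client that asks for the mode of a 0644 local file (an assumption), and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example with constructed inputs; files are created only in a scratch dir.

# effective_mode REQUESTED UMASK
# Mode that ends up on disk: requested & ~umask. A umask only clears bits.
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# created_mode UMASK
# Set the umask in a parent subshell, let a child sh create a file with '>'
# (which requests 0666), and report the real mode of that file.
created_mode() {
    dir=$(mktemp -d) || return 1
    (
        umask "$1"
        sh -c ': > "$1/upload.bin"' sh "$dir"   # child inherits the umask
    )
    stat -c '%a' "$dir/upload.bin"              # GNU stat (assumption)
    rm -rf "$dir"
}

echo "requested 0666, umask 002 -> $(effective_mode 0666 002)"
echo "requested 0644, umask 002 -> $(effective_mode 0644 002)"
echo "requested 0666, umask 022 -> $(effective_mode 0666 022)"
echo "child created file, parent umask 002 -> $(created_mode 002)"
echo "child created file, parent umask 077 -> $(created_mode 077)"
```

A 0644 request is left unchanged by umask 002 because group write was never requested, which is consistent with the 0644 result reported in the post at the top of the page if the client asked for that mode.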

Sftp Umask Setting

I am trying to set up an scp receiver that allows select users, based on ssh keys, to scp files to a specific server as a user different than themselves. This is to satisfy access restrictions. The SSHFS mount is done via [email protected] with option allow_other. On the server, the shared directory has permissions user3 (owner) rwx and group (team) rwx, while others have r-x permissions. The gid sticky bit is set with chmod g+s. We removed all ACLs for the umask-focused configuration.