Show Contents / Index / Search

Set File Permissions on Uploaded Files

When you upload a file to the server using either sftp or scp, the file permissions of the uploaded file can depend on both the server configuration and the source file permissions.

If the file already exists on the server:

  • The server file permissions remain the same after a transfer; the transfer updates the contents of the file contents, but does not modify existing file permissions.

If the file does not exist on the server, the following factors affect the permissions set on the transferred file. Items lower on this list override items higher on the list.

  1. The uploaded file is given the same permissions as the source file provided there are no settings in effect on the server that prevent the creation of files with these permissions.
  2. If the client requests a UMASK value using the SetRemoteEnv keyword, those permission limits are applied.
  3. System-wide settings for new file creation are applied. (For example, these may be configured in standard system files such as /etc/default/login and /etc/environment, or using PAM.)
  4. If a UMASK value is configured in a global Reflection for Secure IT environment file (/etc/ssh2/environment), those permission limits are applied.
  5. If a UMASK value is configured in a user-specific Reflection for Secure IT environment file (~/.ssh2/environment), those permission limits are applied.

 

Note: UMASK is included by default in the list of environment variables allowed by SettableEnvironmentVars. If UMASK is not included in this list, you cannot modify UMASK values using an environment file on the server or using the client SetRemoteEnv keyword.

To set permissions on uploaded files on the server using the environment file

  1. Create (or edit) the environment file.

    To configure

    Use this path and file name

    User-specific settings

    ~/.ssh2/environment

    Global settings

    /etc/ssh2/environment
  2. Add a line specifying the UMASK value that you want to apply to uploaded files. For example:

    UMASK=066

To set permissions on uploaded files from the client using SetRemoteEnv

  • Open the client configuration file (/etc/ssh2/ssh2_config) in a text editor. Add a line using SetRemoteEnv to specify the UMASK value you want to apply to uploaded files. For example:

    SetRemoteEnv=UMASK=066

-OR-

  • Use SetRemoteEnv on the command line to specify a UMASK value. For example:

    sftp -oSetRemoteEnv=UMASK=066 joe@myserver.com

The following session shows the use of SetRemoteEnv to set permissions on a file uploaded using scp. The source file (demo) allows user, group, and world read/write access (644) on the client (abchost). After the upload, the file allows user-only read/write access (600) on the server (xyzhost).

joe@abchost:~> ls -l demo

-rw-r--r-- 1 joe users 30 2008-10-02 12:07 demo

joe@abchost:~> scp -oSetRemoteEnv=UMASK=066 demo joe@10.10.3.232:

Authentication successful.

demo 30 0.0KB/s 00:00 100%

joe@abchost:~> ssh joe@10.10.3.232

Authentication successful.

Last login: Thu Oct 2 16:56:22 2008 from 150.215.83.121

[joe@xyzhost ~]$ ls -l demo

-rw------- 1 joe joe 30 Oct 2 16:57 demo

[joe@xyzhost ~]$