Set File Permissions on Uploaded Files
The options described here affect permissions on files uploaded using either sftp or scp.
Using ForceSftpFilePermissions to set Permissions
ForceSftpFilePermissions is a server keyword that you can use to specify a file permission value for all files uploaded to the server using sftp or scp. This setting overrides all other permission setting actions. It takes a three-digit permission mode value. For example:
In this example, all uploaded files are set to 600 (-rw-------). In addition, if a user attempts to change the permissions on an existing file, that file is also set to 600, regardless of the permission value requested by the client user.
When ForceSftpFilePermissions is configured:
In the following session, the user joe is connecting to demoserver.com, on which ForceSftpFilePermissions is set to 600. Joe's local file sample.txt has permissions=666. After the transfer, the file permissions for sample.txt on the server are set to 600. Joe lists permissions for his file test.txt on the server and sees that the permissions=666. Joe attempts a chmod to change the permissions to 644. Because the ForceSftpFilePermissions value overrides Joe's value, after this command, the file permissions are set to 600.
joe@abchost:~> ls -l sample.txt
-rw-rw-rw- 1 joe users 9668 2011-06-18 17:41 sample.txt
joe@abchost:~> sftp demoserver.com
sftp> put sample.txt
sample.txt 668 9.4KB/s 00:00 100%
sftp> ls -l sample.txt
-rw------- 1 joe joe 9668 Mar 18 2011 sample.txt
sftp> ls -l test.txt
-rw-rw-rw- 1 joe joe 73 Jan 15 17:49 test.txt
sftp> chmod 644 test.txt
Changing mode on /home/joe/test.txt
sftp> ls -l test.txt
-rw------- 1 joe joe 73 Jan 15 17:49 test.txt
Using System Settings to Control Permissions
If ForceSftpFilePermissions is not configured, the system settings determine uploaded file permissions.
If the file already exists on the server:
If the file does not exist on the server, the following factors affect the permissions set on the transferred file. Items lower on this list override items higher on the list.
Note: UMASK is included by default in the list of environment variables allowed by SettableEnvironmentVars. If UMASK is not included in this list, you cannot modify UMASK values using an environment file on the server or using the client SetRemoteEnv keyword.
To set permissions on uploaded files on the server using the environment file
To set permissions on uploaded files from the client using SetRemoteEnv
The following session shows the use of SetRemoteEnv to set permissions on a file uploaded using scp. The source file (demo) allows user, group, and world read/write access (644) on the client (abchost). After the upload, the file allows user-only read/write access (600) on the server (xyzhost).
joe@abchost:~> ls -l demo
-rw-r--r-- 1 joe users 30 2008-10-02 12:07 demo
joe@abchost:~> scp -oSetRemoteEnv=UMASK=066 demo firstname.lastname@example.org:
demo 30 0.0KB/s 00:00 100%
joe@abchost:~> ssh email@example.com
Last login: Thu Oct 2 16:56:22 2008 from 188.8.131.52
[joe@xyzhost ~]$ ls -l demo
-rw------- 1 joe joe 30 Oct 2 16:57 demo