set umask to 0002 for sftp and also scp

I desire documents sent out to my server making use of sftp and also scp to be team - writable. Just how can I do that?

I attempted making use of libpam - umask from yet it really did not function.

EDIT: Is there any kind of means I can repair pam? Exists a log? Exists any kind of usual reason that libpam-umask would certainly not function? Do I need to install something?

2019-05-18 23:27:13
Source Share
Answers: 2

I had comparable umask troubles: attempting to get all documents in a directory site to be team legible despite that developed them.

I obtained a little bit stuck at first ; I can set the sticky little bit on the team, so all documents had very same team, yet, in the beginning, can locate no other way to set permissions continually and also appropriately. (The usage of a cron work to consistently place it right did not appear sufficient.)

Yet after that I located the remedy. Posix ACLs, you can embed in a directory site buildings (customers, teams, permissions/modes) to acquire, establishing the default setting for customer and also team will certainly have the result that you desire.

You will possibly require to install it, and also new back-up devices (the default ones do not constantly find out about ACLs)

as origin as soon as:

apt-get install acl

as proprietor of directory site (the 3rd line establishes the default setting to the existing setting for all directory sites in $dir):

chmod -R ug+rwX 
find $dir -type d -print0 | xargs -0 -i{}  bash -c "getfacl --access {} | setfacl -d -M- {}"
2019-05-31 09:44:18

I assume PAM reviews the default umask from /etc/login.defs since Debian 6.0, yet I do not presently have accessibility to a system to examine.

2019-05-21 09:57:56