Setting permissions for SFTP transfer (during transfer, not after)

Tom H tomh0665 at gmail.com
Wed Feb 24 13:43:22 UTC 2010


> When I SFTP a file onto a box I get the permissions -rw-r--r--, but I
> want the permissions -rw-rw----. For security reasons I don't want to
> transfer the file then change the permissions, I want the file to have
> the permissions from when it first exists. To specify the requirement
> a bit more formally:

> "To enable a user to SFTP a file onto a box with the permissions set
> to user and group readwrite and no access to world. These permissions
> must be set at the beginning of the transfer (rather than after using
> chmod). This is to ensure users can not read, change or delete the
> file at any time (during or after the transfer)."

> This can either be done as an SFTP set-up or something the user does
> when transferring the files.

Your requirements are contradictory. You want a mode of 0660 but users
must "not read, change or delete the file at any time (during or after
the transfer)". If you set 0660, they can modify the sftp'd files
after sftp'ing them.

To have the 0660 mode, change

    Subsystem sftp /usr/libexec/openssh/sftp-server

in

    /etc/ssh/sshd.config

to set a umask.

You might also need to chown and chmod g+s the directory to which you
are sftp'ing.
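
An added illustration of the umask advice above (not part of the original post): a file gets its mode when open(2) creates it, and the umask can only remove bits from the mode the creator requests, so the result is read from the open descriptor before any chmod could run. The assumption is that sftp-server hands the permission bits requested by the uploading client to open(2), as OpenSSH's does; `mode_at_creation` and the file name are made up for the example.

```python
import os
import stat
import tempfile


def mode_at_creation(requested_mode, umask):
    """Return the mode a file has at the instant it is created.

    requested_mode stands in for the permission bits the uploading client
    asks for; umask stands in for the mask the server process runs with.
    No chmod is ever issued: the mode is read from the descriptor that
    open(2) returned.
    """
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as drop:  # scratch upload dir
            path = os.path.join(drop, "upload.bin")  # constructed name
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         requested_mode)
            try:
                return stat.S_IMODE(os.fstat(fd).st_mode)
            finally:
                os.close(fd)
    finally:
        os.umask(old)  # never leave the caller with a changed umask


if __name__ == "__main__":
    # Constructed cases: (mode of the file on the client, server umask)
    cases = [
        (0o644, 0o022),  # typical defaults, the -rw-r--r-- in the question
        (0o644, 0o007),  # umask alone cannot add the group write bit
        (0o664, 0o007),  # group-writable source file plus umask 007
        (0o666, 0o007),  # world bits are stripped at creation
    ]
    for requested, mask in cases:
        got = mode_at_creation(requested, mask)
        print(f"requested {requested:04o}  umask {mask:03o}  "
              f"created as {got:04o}")
```

A umask of 007 guarantees no access for world from the first byte written, but the group write bit appears only if the requested mode already carries it.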



