Setting permissions for SFTP transfer (during transfer, not after)

Ben Edwards list4me2 at
Wed Feb 24 14:06:05 UTC 2010

On 24/02/2010, Tom H <tomh0665 at> wrote:
> > When I SFTP a file onto a box I get the permissions -rw-r--r--, but I
> > want the permissions -rw-rw----. For security reasons I don't want to
> > transfer the file then change the permissions, I want the file to have
> > the permissions from when it first exists. To specify the requirement
> > a bit more formally:
> > "To enable a user to SFTP a files onto a box with the permissions set
> > to user and group readwrite and no access to world. These permissions
> > must be set at the beginning of the transfer (rather than after using
> > chmod). This is to ensure users can not read, change or delete the
> > file at any time (during or after the transfer)."
> > This can either be done as a SFTP set-up of something the user does
> > when transferring the files.
> Your requirements are contradictory. You want a mode of 0660 but users
> must "not read, change or delete the file at any time (during or after
> the transfer)". If you set 0660, they can modify the sftp'd files
> after sftp'ing them.

I ment at no time should users outside the group have any access to the file.

> To have the 0660 mode, change
> Subsystem sftp /usr/libexec/openssh/sftp-server
> in
> /etc/ssh/sshd.config
> to set a umask.

Thanks for that, I will have a look at the file.  Is this a umask for
all gusers of can it be done on a user basis?


> You might also need to chown and chmod g+s the directory to which you
> are sftp'ing.
> --
> ubuntu-users mailing list
> ubuntu-users at
> Modify settings or unsubscribe at:

More information about the ubuntu-users mailing list