Setting permissions for SFTP transfer (during transfer, not after)

Sundar Nagarajan sundar.personal at
Fri Feb 26 05:57:22 UTC 2010

Ben Edwards wrote:
> When I SFTP a file onto a box I get the permissions -rw-r--r--, but I
> want the permissions -rw-rw----. For security reasons I don't want to
> transfer the file then change the permissions, I want the file to have
> the permissions from when it first exists. To specify the requirement
> a bit more formally:
> "To enable a user to SFTP a files onto a box with the permissions set
> to user and group readwrite and no access to world. These permissions
> must be set at the beginning of the transfer (rather than after using
> chmod). This is to ensure users can not read, change or delete the
> file at any time (during or after the transfer)."
> This can either be done as a SFTP set-up of something the user does
> when transferring the files.
> any Ideas?

How about overlaying a tar/cpio operation on top of ssh/sftp?
i.e. tar the file on the remote end, transfer over ssh and untar on the 
local end. Tar preserves permissions (not ownership unless executed as root)

Let's say you want to get a file named /d1/d2/f1 using userid u2 on 
remote machine m2 and copy that file to directory /d3/d4 on the local 

ssh u2 at m2 tar cf - -C /d1/d2 f1 | tar xf - -C /d3/d4/ -p

The -C on the remote end asks tar to cd to that directory before 
archiving the file. the 'cf -' options specify create the archive to 
stdout. The archive which is output on stdout comes over the ssh 
connection and is piped to thelocal invocation of tar.

The -p option to the local invocation of tar at the end asks tar to 
preserve permissions that were captured by the remote invocation of tar.


Sundar Nagarajan
Linux User #170123 | Ubuntu User #2805

More information about the ubuntu-users mailing list