SSH Umask




It should be possible to set a per-user umask for user someuser in the GECOS field, for example using

sudo chfn -o umask=0444 someuser

and then either setting umask=0022 in the pam_umask entry in the /etc/pam.d/sshd file or, perhaps better, omitting the umask= there altogether so that other users fall back to the umask specified in the default files.

The first digit (0) in default umask values represents the special permissions (SUID, SGID or sticky bit), which umask cannot affect. Since umask cannot affect these permissions, this field always holds zero (0) as a placeholder value. A value of zero (0) means: ignore it.

When you want to share a little git repository on your own server, the first thing that comes to mind is SSH. It’s installed virtually everywhere, secure and easy to configure. In the beginning there are no problems, because everyone can clone your repo and, as long as they don’t change files concurrently, even pushing works. About a day later you get umask problems and start to search the web for solutions. To make it short, here it is:

This option makes git care about the permission stuff. I wasted about 10 hours of my lifetime on this one and found an odd thing about ~/.ssh/rc:

I added the second line, because I wasn’t sure if it was executed. It was (look at the file permissions):

But my umask didn’t last:

I don’t know why; if anyone knows, please tell me.

It took at least an hour of Googling to find this solution, so I’m posting it here for reference and hopefully it could help others.

If you’re not using a chroot jail, you can follow this: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions

This involves setting the umask in sshd_config in the Subsystem line. However, it doesn’t work for chrooted users: the umask gets set, the ssh session starts and the chroot recreates the umask info (this is how I understand it, anyway).

So if you’re using chroot for users, you probably have something similar to this in your sshd_config:

Subsystem sftp internal-sftp

UsePAM yes

Match user username
ChrootDirectory /path/to/directory
ForceCommand internal-sftp

You should then edit the file /etc/pam.d/sshd and add the following:

session optional pam_umask.so umask=0002

And in /etc/profile, if it’s not already there (it was for me on Ubuntu 10.10), add the following at the bottom:

umask 022

And that’s it. internal-sftp does not execute any shells, so it won’t take any notice of information in profile/login/rc etc. However, PAM authentication is used, so the configuration is seen there instead (unless, of course, you’ve turned it off).
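To see what the two umask values used above (0002 in the pam_umask line, 022 in /etc/profile) do to newly created files and directories, the following shell script creates one of each under every umask and reports the resulting mode. It is an added example, not part of the original post; the function names and the temporary directory layout are made up for this demonstration.

```shell
#!/bin/sh
# Added example: shows what the umask values on this page do to new files.
# Function names and the temp directory layout are constructed for this demo.

# Predict the mode: the kernel clears every bit set in the umask from the
# mode the creating program asked for (requested & ~umask).
predict_mode() {  # usage: predict_mode <requested-octal> <umask-octal>
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Portable octal mode lookup (GNU stat first, BSD stat as fallback).
octal_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Create a real file or directory under the given umask and report its mode.
# The subshell keeps the umask change from leaking into the caller.
observe_mode() {  # usage: observe_mode <umask-octal> file|dir
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        octal_mode "$tmp/new"
    )
}

demo() {
    # 0002 and 002 are the same mask: the leading digit is only a placeholder.
    for mask in 0002 002 022; do
        printf 'umask %-4s file=%s dir=%s\n' "$mask" \
            "$(observe_mode "$mask" file)" "$(observe_mode "$mask" dir)"
    done
    # A client that asks for 0600 still gets 0600: umask never adds bits.
    printf 'requested 0600 under 0002 -> %s\n' "$(predict_mode 0600 0002)"
}

demo
```

With umask 0002 new files stay group-writable, which is what a shared upload directory or shared repository needs; with 022 only the owner can write.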

Ref: http://ubuntuforums.org/archive/index.php/t-1107974.html