[scponly] scponly and umask
Kaleb Pederson
kaleb.pederson at gmail.com
Tue Jan 29 18:11:49 EST 2008
On Tuesday 29 January 2008, you wrote:
> But I guess the only way to do that is to patch sftp-server. (I also
> looked into setfacl, but our file system does not support directory
> masks.)
setfacl does work pretty well. You just have to make sure that the group
acl's are reasonable.
Take a look at the following. It replaces the sftp-logging patch that has
been around for some time and apparently does what you need:
http://sftpfilecontrol.sourceforge.net/
From the website:
"You may optionally designate a umask that overrides any server, client or
environment umasks. This is useful in cases where you want to enforce a
strict file creation mode and you want to prohibit users from being able to
change file permissions on existing files."
--Kaleb
More information about the scponly
mailing list