Am 24.03.2014 13:26, schrieb Florian Weimer:
On 03/24/2014 01:23 PM, Reindl Harald wrote:
>> It's still very difficult to securely process uploaded files under a
different user account. Some SFTP clients set
>> restrictive permissions on upload, and the OpenSSH implementation does not allow
to bypass that.
>
> man umask
>
> [root@rh:/downloads]$ cat /etc/ssh/sshd_config | grep internal-sftp
> Subsystem sftp internal-sftp -u 006
umask doesn't apply to explicit chmod
besides that we get way too off-topic and my first reply was in context
of "because ssh is giving too much access" which is a wrong anecdote:
fine, the same applies for samba, ftp and any other file transfer protocol
if you want 100% defined permissions you need to use inotify and handmade
daemons in any case because the client can fire always a chmod of files
he own