(23 March 2011)
When sftp-server is run in chroot mode, the default umask is not suitable. Uploaded files are 644 and created directories are 775. I do not want "other" permissions on uploaded files or created directories.
With this change, files are uploaded as 640 and directories are 770. While not exactly what I want, it is close enough.
- This is only necessary if you are doing chroot'd sftp. If you are doing regular sftp, use the changing-the-subsystem-call trick listed here.
- Users can still change their umasks after connecting via sftp. This only changes the default umask. In practice, most users won't mess with their umasks, and if you are paranoid enough that you are using chroot'ing for sftp, I presume you have designed your filesystem hierarchy to defend against crazy users.
I am not a programmer. This probably doesn't do what you want. Don't use it. If you do this and something goes wrong, horribly or not, my liability is limited to feeling bad for you on a best-effort basis.
Get openssh-5.8p1.tar.gz from http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
Put the two patch files attached to this page somewhere like /tmp
# tar zxvf openssh-5.8p1.tar.gz
# cp openssh-5.8p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/
# cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/
# cd /usr/src/redhat/SPECS
# patch -p1 < /tmp/openssh-58.p1-Centos-SPEC-diff.patch
# cp /tmp/openssh-5.8p1dgm1.patch ../SOURCES
# rpmbuild -ba openssh.spec
Note: the patch for the .spec file includes the mucking around done by example on the Building OpenSSH-Portable for CentOS page.
You should end up with some openssh RPMs of version 5.8p1-1b.
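Once the patched packages are installed, the result can be checked on disk. The script below is an added example, not part of the original page or its patches: it reproduces the modes quoted above from a requested mode and a umask, and audits a tree for entries that still carry "other" bits. The umask values 002 and 007 and the client-requested modes 644 (file) and 777 (directory) are assumptions inferred from the modes the page reports, and the directory argument is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original page or its patches.

# effective_mode REQUESTED UMASK
# Print the octal mode left once the umask is applied to the mode the
# client asked for. Assumed inputs that match the page's numbers:
#   644 / 002 -> 644    777 / 002 -> 775   (before the patch)
#   644 / 007 -> 640    777 / 007 -> 770   (after the patch)
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# list_other_accessible DIR
# Print every entry under DIR with a read, write or execute bit set for
# "other". Symlinks are skipped because their own mode is always 777.
# -perm -MODE is POSIX find syntax, so this also works with GNU find.
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_upload_tree DIR
# Return 0 when nothing under DIR is reachable by "other"; otherwise list
# the offending paths on stderr and return 1.
audit_upload_tree() {
    offenders=$(list_other_accessible "$1")
    if [ -n "$offenders" ]; then
        printf 'entries with "other" permissions:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /path/to/chroot/upload/dir   (placeholder path)
if [ "$#" -gt 0 ]; then
    audit_upload_tree "$1"
fi
```

Because users can still change their umask after connecting, running the audit periodically catches entries created with a looser mask than the default.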