# SFTP and umask. Where can I find pam_umask for FreeBSD?



## olav (Nov 15, 2011)

I need to set a default umask for some sftp users.

I found this guide http://sysadmin.circularvale.com/server-config/setting-a-umask-for-chrooted-sftp-users/
But it uses a pam_umask module which I can't find for FreeBSD. Is there a alternative for this?


----------



## toddnni (Nov 15, 2011)

Hi olav,

there is no need to mess with PAM. Set umask for your sftp users' login class in login.conf() and it will automatically apply to sftp connections (and shell logins). I haven't found a solution simple as this on Linux yet.

PS. Remember to `# cap_mkdb /etc/login.conf` after the change.


----------



## pelmen (Nov 15, 2011)

other way via /etc/sshd/sshd_config:


```
Subsystem       sftp    "umask 0002; /usr/libexec/sftp-server"
```


----------



## olav (Nov 15, 2011)

Thank you toddnni. That worked great!

Though I have another problem, and thats understanding umask values. What I want to set is 660(rw-rw----). If I understand umask correctly, its 777-660 = 117? But this give me a completely different permission.


----------



## DutchDaemon (Nov 16, 2011)

A file has a default permission of '666', a directory has a default permission of '777'. So pick the right umask with that in mind. If you want files to be created with 660, it's 666-660 -> umask 006 (default is 022, which results in 644 for files and 755 for directories).


----------

