Hello again, Now that umask is working (thanks very much!) I have found that I would like to see more control over sftp-server/internal-sftp file permissions. Given that previous patches (sftp file control comes to mind) were produced indicates there are other users that would also like more control over file permissions. My solution was to add yet another option to sftp-server/internal-sftp that forces file permissions, so something like the following in sshd_config: Match Group sftponly ChrootDirectory /home/chroot-%u ForceCommand internal-sftp -m 660 Or even globally: Subsystem sftp /usr/local/libexec/sftp-server -m 600 Please see the attached patch. I have only been able to test the changes on RHEL4 and Ubuntu 10.04. I have been running a patched version of 5.6p1 in production on RHEL4 and haven't had any problems. Note that the attached patch was produced against the 1.92 version of sftp-server.c. Best regards, Rob Candland -- -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-forcefileperm.patch Type: text/x-diff Size: 2632 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20101104/91998538/attachment.bin>