On 2017-12-14T17:28, House Lee <hlee@xxxxxxxxxxxx> wrote: > Hi, > > I understand that if I specify `ForceCommand internal-sftp -u <umask>`, the permission of any files uploaded via sftp will be calculated by `<original permission> & ~umask`. However, this can be bypassed by the `-P` option of `put` command. We are developing a shared hosting platform, therefore we definitely don’t want our users being able to upload any executable files. We can not disable the x permission by umask because directories need the x permission. > > Is there any possible way to accomplish this? or is it possible to add a `ForceFilePermission` and `ForceDirPermission` option in the sshd_config ? Mount the filesystem in question with 'noexec', you probably also want 'nosuid' and 'nodev' anyways. Ciao, Alexander Wuerstlein. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev