Setting umask for sshfs mount

masavini · Jan 24, 2015 · Viewed 9.6k times

If I mount the sshfs server with no umask, I get -rw-rw-r-- on newly created files. If I try to open a PHP file on the server in my browser, I get this error:

Incorrect file/directory permissions: Above 755.
In order files to be processed by the webserver, their permissions have to be equal or below 755. 

So I tried with umask=0022: the newly created files have -rwxr-xr-x. These permissions are fine, as the error above does not appear anymore. However, I can't understand why the new files are set as executable...

Could you please explain? Many thanks...

Answer

Alexandre Schmidt · May 13, 2016

From sshfs manual:

   -o umask=M
          set file permissions (octal)

Note the manual mentions the option name is umask. So it is not the same values you would use in chmod, where 7 means rwx (binary 111). Instead, umask is a mask, as the name says.

For fuse, this mask is used as an inversion of the desired permission.

Then, from http://wiki.gilug.org/index.php/How_to_mount_SFTP_accesses#General_working_of_umask, we get the following:

[umask i]s a template-mask. Is as a chmod inverse, because is used for shading the permissions to be set when creating files and directories. As higher is the octal value, more restrictive (at binary level a bit 1 shades an attribute and a bit 0 allows it).

0 allows rwX
1 allows rw-
2 allows r-X
3 allows r--
4 allows -wX
5 allows -w-
6 allows --X
7 allows ---

So, if you supply 0022, the permission will go as follows:

  1. AND with 0777 (see umask man page) to consider only "user", "group" and "others" permissions (i.e. discard first part of the mask).

000 000 010 010 -> 0022

AND

000 111 111 111 -> 0777

=

000 000 010 010 -> 0022

  2. Invert the three permissions.

000 010 010 -> 022

becomes

111 101 101 -> 755

If you don't want the files to be executable, but want them to be readable and writable (chmod 666), you should set umask to:

110 110 110 = 666 <- chmod value
001 001 001 = 111 <- umask value
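
Added example (not part of the original answer): the answer's mask computation in Python, next to the ordinary process umask applied to the 0666 base mode a local file creation uses, which is why the same 0022 gives 644 locally but 755 on the mount. The function names and the `within_limit` reading of the web server's "equal or below 755" rule (no bit set outside 755) are assumptions.

```python
import stat

PERM_BITS = 0o777  # user/group/other rwx bits; the leading octal digit is discarded


def fuse_umask_mode(umask: int) -> int:
    """Mode shown on a mount using -o umask=M, per the answer: 0777 & ~M."""
    return PERM_BITS & ~(umask & PERM_BITS)


def process_umask_mode(umask: int, is_dir: bool = False) -> int:
    """Mode a local process gets when creating a file (base 0666) or dir (0777)."""
    base = 0o777 if is_dir else 0o666
    return base & ~(umask & PERM_BITS)


def umask_for(mode: int) -> int:
    """Mask that yields the wanted mode when inverted against 0777."""
    return PERM_BITS & ~mode


def within_limit(mode: int, limit: int = 0o755) -> bool:
    """Assumed reading of 'equal or below 755': no bit set outside the limit."""
    return (mode & PERM_BITS & ~limit) == 0


def show(mode: int) -> str:
    """Render a regular file's mode the way ls -l does."""
    return stat.filemode(stat.S_IFREG | mode)


if __name__ == "__main__":
    # Constructed sample masks: the question's 0022, the answer's 0111, and 0133.
    for m in (0o022, 0o111, 0o133):
        mounted = fuse_umask_mode(m)
        local = process_umask_mode(m)
        print(f"umask={m:04o}  mount: {show(mounted)} ({mounted:03o})  "
              f"local create: {show(local)} ({local:03o})  "
              f"within 755: {within_limit(mounted)}")
    # The question's starting point: no umask option, files appear as 664.
    print("no umask:", show(0o664), "within 755:", within_limit(0o664))
```

Under that reading of the limit, 666 (umask 0111) still has group and other write bits outside 755, while 644 (umask 0133) does not.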