mina-sshd

sftp subsystem ignores process umask when creating directory

Open rde2 opened this issue 1 year ago • 1 comments

Version

2.12.0

Bug description

Connect to mina sshd sftp server using normal sftp client. Use "mkdir" to create a directory. The directory is created with mode 777 (rwxrwxrwx). The process umask (0022 or 0027) should prevent "write by others" being set.

The directory is created with the correct mode, then this is overridden in doMakeDirectory.

Actual behavior

The directory is created with mode 777 (rwxrwxrwx).

Expected behavior

The directory is created without write by others permission.

Relevant log output

No response

Other information

No response

rde2, Jul 22 '24 15:07

The draft RFCs for SFTP versions 3, 4, and 5 are silent on this matter. For SFTP version 6, the draft RFC says:

"The server SHOULD NOT apply a 'umask' to the mode bits; but should set the mode bits as specified by the client. The client MUST apply an appropriate 'umask' to the mode bits before sending them." (draft-ietf-secsh-filexfer-07)

OpenSSH does let the system apply the umask, and its SFTP server can even be run with a custom umask that overrides the system umask. OpenSSH implements SFTP version 3.

Maybe the Apache MINA SFTP server part should have a setting for this for SFTP version < 6.

(Seems more of a feature request than a bug.)

tomaswolf, Jul 25 '24 21:07
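The behaviour discussed in this thread, reproduced at the POSIX level as an added example (not code from the issue or from Apache MINA SSHD): creating a directory honors the process umask, but an explicit permission change afterwards does not. The function names, the `server_umask` parameter, and the assumption that the override is a chmod-style call made after creation are illustrative.

```python
import os
import tempfile


def mode_of(path):
    """Return only the rwx permission bits of path."""
    return os.stat(path).st_mode & 0o777


def mkdir_then_set_mode(path, requested, server_umask=None):
    """Create a directory, then explicitly set its mode (assumed server pattern).

    With server_umask=None the client-requested bits are applied verbatim,
    as the SFTP v6 draft describes. With a server_umask the requested bits
    are masked first, which is the kind of setting suggested in the thread.
    """
    os.mkdir(path, requested)      # the kernel applies the process umask here
    after_create = mode_of(path)
    final = requested if server_umask is None else requested & ~server_umask
    os.chmod(path, final)          # chmod is NOT filtered by the process umask
    return after_create, mode_of(path)


def demo(process_umask=0o022, requested=0o777):
    """Run both variants under a temporary process umask in a scratch directory."""
    old = os.umask(process_umask)
    try:
        with tempfile.TemporaryDirectory() as root:
            verbatim = mkdir_then_set_mode(os.path.join(root, "verbatim"), requested)
            masked = mkdir_then_set_mode(
                os.path.join(root, "masked"), requested, server_umask=process_umask
            )
            return verbatim, masked
    finally:
        os.umask(old)              # restore the caller's umask


if __name__ == "__main__":
    for um in (0o022, 0o027):
        (c1, f1), (c2, f2) = demo(um)
        print(f"umask {um:04o}: verbatim {c1:03o} -> {f1:03o}, masked {c2:03o} -> {f2:03o}")
```

A periodic audit for world-writable directories under the SFTP root (for example `find <root> -type d -perm -0002`) will surface directories created this way when clients send mode 777.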