No file permissions for group and others via SFTP

[szentesik]

trafficstars

OpenSSH for Windows v8.6.0.0 (8.6p1) Windows Server 2012 R2 Linux client, reproducible via WinSCP v5.19.3

Unix style rights for remote files are always rwx for user, nothing for group and others (0700/0600) and have found no method to change this for now. Client would like to see the files with read rights set (0655/0644).

NTFS file permissions are set with proper rights, even no success with everyone/full control, inheritance disabled on the whole sftp root directory. User to access is administrator. Changing rights via WinSCP makes nothing.

Would appreciate any advice whether the default rights can be set somehow in configuration. Thanks for the support!

[mgkuhn]

I think you need to provide more detailed step-by-step instructions on how to exactly reproduce your problem before anyone can help. Where do you see “Unix style rights”? What path and filesystem is the example file on? What tools and environments (WSL? WSL2? Cygwin? Samba?) do you use to inspect the permissions? Can you show the output of iacls and ls -la, of not just the file but also its parent directory?

Are you familiar with how inheritance of file permissions from the parent folder works in Windows NTFS? You should be able to use inherited ACEs on the parent directory do control permissions. (In case it helps: the best introduction to Windows NTFS ACLs that I've read is section 2 of this excellent SACMAT 2001 paper by Swift et al., because it gives you the actual algorithms used.)

In Unix, default file permissions are defined via umask. I don't think Windows has any equivalent, so inherited ACEs are probably the next best thing.