This patch has been around for several years. I used to be more diligent about maintaining it but lately I have been slacking off. I'll try to release updates when new versions of openssh appear, but no guarantees.

patch for openssh that allows a system administrator to set the umask on sftp sessions and to control whether the client may issue chown and chmod commands in an sftp session. You may optionally designate a umask that overrides any server, client or environment umasks. This is useful in cases where you want to enforce a strict file creation mode and you want to prohibit users from being able to change file permissions on existing files. An example is a web development server that contains a common folder where many users upload and modify content. The chown/chmod feature is useful in cases where you want to prohibit ftp clients from changing ownership of public area files.

This patch supersedes the popular sftplogging patch for openssh versions 4.4p1 and higher.

This patch is designed for Unix-based operating systems.

List of distributions that include this patch:

If your distribution uses this patch and you would like to include it on this list, please email me.

The Author's Homepage

System admins will be interested in my description of how to build your own S3- and EBS-backed AMIs for AWS EC2 using vanilla CentOS installation discs and running your own stock CentOS kernel: See here:

System admins/Desktop Support/IT Helpdesk people will be interested in my tutorial on how to build a useful, multifunction, multiboot USB Stick: Utility USB Stick


This patch is copyrighted and made available under the terms of the license provided. When you use this patch, please take time to read through the license terms which are provided in the patch itself. It's a basic BSD style license. In simple terms, it means you can do almost anything you want with it (use it, redistribute it, modify it) but you must provide the copyright notice (ie. the top portion of the patch) and license itself.
For example, if you use this patch in a software distribution, you must provide the copyright notice along with the distribution itself, either in the documentation (manuals, release notes, etc.), on the system itself (perhaps as a README), or some other similar means.
Be aware that the use of this patch in any situation at all requires making the copyright notice available. Failing to do so constitutes copyright infringement and violation of the license.

More details about the history of the patch, who uses it, and the author are given in the sftplogging link above.

------------------ ANNOUNCEMENTS ----------------------

April 9, 2014. I've given some other folks permission to update this patch for recent versions of openssh. So if you need this patch for openssh-6.x, please see this page: Yare sftpfilecontrol . Thanks to these guys for helping out!

May 21, 2011. Sorry it's been a while since I updated the patch. I'll try to get to it soon.

May 21, 2011. Added link to my homepage

March 15, 2010. released openssh-5.4p1.sftpfilecontrol-v1.3.patch

January 29, 2010. released openssh-5.3p1.sftpfilecontrol-v1.3.patch

March 30, 2009. released openssh-5.2p1.sftpfilecontrol-v1.3.patch

January 4, 2009. v1.3 release. Compatibility fix for AIX users. It appears that the C compiler on AIX does not support "//" comment delimiter so I replaced this with the standard delimiter.

October 12, 2008. Released openssh-5.1p1.sftpfilecontrol-v1.2.patch

June 10, 2008. Released openssh-5.0p1.sftpfilecontrol-v1.2.patch

March 19, 2007. Released openssh-4.6p1.sftpfilecontrol-v1.2.patch

March 19, 2007. v1.2 release. Compatibility fix. On Solaris, getenv() does not return NULL, it returns a pointer to a null string.

You may download the patch here: and here: Yare

You may read about the author here:

You may contact the author here: Michael Martinez