From 980777ebf1ff56695c7da1a75b7315b0e391a69f Mon Sep 17 00:00:00 2001
From: "ljf (zamentur)" <zamentur@users.noreply.github.com>
Date: Fri, 26 Nov 2021 18:12:20 +0100
Subject: [PATCH] [enh] Conserver group permission

---
 conf/ssh/sshd_config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/ssh/sshd_config b/conf/ssh/sshd_config
index 4a239d2ad..c340e451f 100644
--- a/conf/ssh/sshd_config
+++ b/conf/ssh/sshd_config
@@ -84,7 +84,7 @@ Subsystem sftp internal-sftp
 
 # Apply following instructions to user with sftp perm only
 Match Group sftp.main,!ssh.main
-    ForceCommand internal-sftp
+    ForceCommand internal-sftp -u 0002
     # We can't restrict to /home/%u because the chroot base must be owned by root
     # So we chroot only on /home
     # See https://serverfault.com/questions/584986/bad-ownership-or-modes-for-chroot-directory-component
@@ -97,7 +97,7 @@ Match Group sftp.main,!ssh.main
     PermitUserRC no
 
 Match Group sftp.app,!ssh.app
-    ForceCommand internal-sftp
+    ForceCommand internal-sftp -u 0002
     ChrootDirectory %h
     AllowTcpForwarding no
     AllowStreamLocalForwarding no