Setting the umask of the Apache user
Apache inherits its umask
from its parent process (i.e. the process starting Apache); this should typically be the /etc/init.d/
script. So put a umask
command in that script.
How to set umask for www-data user?
I hope this will work, Please try this way
Manually edit /etc/systemd/system/multi-user.target.wants/ php7.0-fpm.service
file and add UMask=0002
line inside [Service] section.
Previously, it was like this.
then
Run command systemctl daemon-reload
then
Run command systemctl restart php7.0-fpm.service
Now the service file looks like this:
[Unit]
Description = The PHP FastCGI Process Manager
After = network.target
[Service]
Type = notify
PIDFile = /var/run/php/php7.0-fpm.pid
ExecStartPre = /usr/lib/php/php7.0-fpm-checkconf
ExecStart = /usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf
ExecReload = /bin/kill -USR2 $MAINPID
; Added to set umask for files created by PHP
UMask = 0002
[Install]
WantedBy = multi-user.target
NB : You can not use systemctl
edit php7.0-fpm.service command as edit option was introduced in systemctl
version 218 but Debian 8 ships with version 215.
linux umask for sudo and apache
I solved my own problems.
For the sudo permissions, I executed sudo visudo
and added the line Defaults umask = 0002
to the end.
For the Apache user, I added the line umask 0002
to the end of the /etc/apache2/envvars
(I couldn't find any better solution).
Changing umask of apache on ArchLinux
After trying again, strangely editing the /etc/rc.d/httpd
file works.
Just put
umask 0002
Right after the #!/bin/bash
and everything works as it should.
No idea why it didn't work before, but well...
Setting a Umask value for a particular directory and not a user
If you want everybody to be able to write into that directory, but that the files remained owned by directory owner, you could do from your Unix/Linux terminal:
chmod 1775 <complete path>/MAIN_OUTPUT
Then from time to time, directory owner can come here and give permissions to everyone, since he still owns the file.
You may find more expertise on http://unix.stackexchange.com though.
Apache is not respecting my default permissions when writing files
This one has also been bugging me for a while but I was too busy to hunt down a solution. Your question got me motivated to fix it. I found the answer on Stack Overflow.
In short, the solution is to change the umask
of the Apache process. The link above mentions two possible places to make the change: you add umask 002
to
/etc/init.d/apache2
/etc/apache2/envvars
(Debian/Ubuntu) or/etc/sysconfig/httpd
(CentOS/Red Hat), or
Edit
I recently upgraded from Ubuntu 12.04 32-bit to 14.04 64-bit and, to my great irritation, I could not get this to work. It worked for some PHP scripts but not others - specifically, a short test script I wrote worked fine, but the Laravel caching code did not. A co-worker put me on to another solution: bindfs.
By mounting my project directory (/var/www/project
) in my home directory (~/project
) with the appropriate user mapping, all my problems were solved. Here's my fstab
entry:
/var/www/project /home/username/project fuse.bindfs map=www-data/username:@www-data/@usergroup
Now I work in ~/project
- everything looks like it's owned by username:usergroup
and all filesystem changes work as if I own the files. But if I ls -la /var/www/project/
, everything is actually owned by www-data:www-data
.
Perhaps this is an overly-complicated solution, but if you have trouble getting the umask
solution to work, this is another approach.
How to trace where php5-fpm umask settings are coming from on ubuntu
Not a solution for generically tracing where umask settings are coming from on ubuntu (the only way I've found so far is the good old hard work approach of replicating the issue, attempting to isolate it to a script or a function, then stepping back through each script/function that is called recursively) but a solution to the php5-fpm umask issue. I've found a lot of hits on google, stackoverflow, and elsewhere for the problem, but so far no solution. Hopefully this is useful for people.
Edit /etc/init/php-fpm.conf
to include the line umask 0002
(or whatever umask you wish). My version of the file now looks like this:
# php5-fpm - The PHP FastCGI Process Manager
description "The PHP FastCGI Process Manager"
author "Ondřej Surý <ondrej@debian.org>"
start on runlevel [2345]
stop on runlevel [016]
### my edit - change umask setting
umask 0002
pre-start exec /usr/lib/php5/php5-fpm-checkconf
respawn
exec /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf
Explanation
Having traced through the service
command which launches php5-fpm
at startup, it runs some checks (line 118 on my copy) for /etc/init/${SERVICE}.conf
, along with verifying initctl
is present and can report it's version. If these tests are passed then upstart
is used which in the case of php5-fpm
uses the /etc/init/php-fpm.conf
file.
The ubuntu upstart site gives pretty clear instructions. In particular you can check out the upstart cookbook for the specifics you need.
As best I can work out that means that therefore the 'service' command was never actually running the start-stop-daemon …
commands found in /etc/init.d/php5-fpm
which is why my previous edits were having no effect. Instead it passes off to upstart
(actually initctl
) when you use something like service php5-fpm start
, etc.
Related Topics
Understanding Linux /Proc/Pid/Maps or /Proc/Self/Maps
Difference Between Clock_Realtime and Clock_Monotonic
How to Automatically Redirect Http to Https on Apache Servers
How to Recursively Find All Files in Current and Subfolders Based on Wildcard Matching
What Does "&" At the End of a Linux Command Mean
How to Merge Two Files Using Awk
What Does $@ Mean in a Shell Script
Fastest Way to Find Lines of a File from Another Larger File in Bash
Peak Memory Usage of a Linux/Unix Process
Retaining File Permissions With Git
How to Print a Number in Assembly Nasm
Simulate Delayed and Dropped Packets on Linux
The 'Eval' Command in Bash and Its Typical Uses
How to Parse Xml Using Shellscript
Docker Can't Connect to Docker Daemon