Setting the Umask of the Apache User

Setting the umask of the Apache user

Apache inherits its umask from its parent process (i.e. the process starting Apache); this should typically be the /etc/init.d/ script. So put a umask command in that script.

How to set umask for www-data user?

I hope this will work, Please try this way

Manually edit /etc/systemd/system/ php7.0-fpm.service file and add UMask=0002 line inside [Service] section.

Previously, it was like this.

Sample Image


Run command systemctl daemon-reload


Run command systemctl restart php7.0-fpm.service

Now the service file looks like this:

Description = The PHP FastCGI Process Manager
After =

Type = notify
PIDFile = /var/run/php/
ExecStartPre = /usr/lib/php/php7.0-fpm-checkconf
ExecStart = /usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf
ExecReload = /bin/kill -USR2 $MAINPID
; Added to set umask for files created by PHP
UMask = 0002

WantedBy =

NB : You can not use systemctl edit php7.0-fpm.service command as edit option was introduced in systemctl version 218 but Debian 8 ships with version 215.

linux umask for sudo and apache

I solved my own problems.

For the sudo permissions, I executed sudo visudo and added the line Defaults umask = 0002 to the end.

For the Apache user, I added the line umask 0002 to the end of the /etc/apache2/envvars (I couldn't find any better solution).

Changing umask of apache on ArchLinux

After trying again, strangely editing the /etc/rc.d/httpd file works.

Just put

umask 0002

Right after the #!/bin/bash and everything works as it should.

No idea why it didn't work before, but well...

Setting a Umask value for a particular directory and not a user

If you want everybody to be able to write into that directory, but that the files remained owned by directory owner, you could do from your Unix/Linux terminal:

chmod 1775 <complete path>/MAIN_OUTPUT

Then from time to time, directory owner can come here and give permissions to everyone, since he still owns the file.

You may find more expertise on though.

Apache is not respecting my default permissions when writing files

This one has also been bugging me for a while but I was too busy to hunt down a solution. Your question got me motivated to fix it. I found the answer on Stack Overflow.

In short, the solution is to change the umask of the Apache process. The link above mentions two possible places to make the change: you add umask 002 to

  1. /etc/init.d/apache2
  2. /etc/apache2/envvars (Debian/Ubuntu) or /etc/sysconfig/httpd (CentOS/Red Hat), or


I recently upgraded from Ubuntu 12.04 32-bit to 14.04 64-bit and, to my great irritation, I could not get this to work. It worked for some PHP scripts but not others - specifically, a short test script I wrote worked fine, but the Laravel caching code did not. A co-worker put me on to another solution: bindfs.

By mounting my project directory (/var/www/project) in my home directory (~/project) with the appropriate user mapping, all my problems were solved. Here's my fstab entry:

/var/www/project  /home/username/project  fuse.bindfs  map=www-data/username:@www-data/@usergroup

Now I work in ~/project - everything looks like it's owned by username:usergroup and all filesystem changes work as if I own the files. But if I ls -la /var/www/project/, everything is actually owned by www-data:www-data.

Perhaps this is an overly-complicated solution, but if you have trouble getting the umask solution to work, this is another approach.

How to trace where php5-fpm umask settings are coming from on ubuntu

Not a solution for generically tracing where umask settings are coming from on ubuntu (the only way I've found so far is the good old hard work approach of replicating the issue, attempting to isolate it to a script or a function, then stepping back through each script/function that is called recursively) but a solution to the php5-fpm umask issue. I've found a lot of hits on google, stackoverflow, and elsewhere for the problem, but so far no solution. Hopefully this is useful for people.

Edit /etc/init/php-fpm.conf to include the line umask 0002 (or whatever umask you wish). My version of the file now looks like this:

# php5-fpm - The PHP FastCGI Process Manager

description "The PHP FastCGI Process Manager"
author "Ondřej Surý <>"

start on runlevel [2345]
stop on runlevel [016]

### my edit - change umask setting
umask 0002

pre-start exec /usr/lib/php5/php5-fpm-checkconf

exec /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf


Having traced through the service command which launches php5-fpm at startup, it runs some checks (line 118 on my copy) for /etc/init/${SERVICE}.conf, along with verifying initctl is present and can report it's version. If these tests are passed then upstart is used which in the case of php5-fpm uses the /etc/init/php-fpm.conf file.

The ubuntu upstart site gives pretty clear instructions. In particular you can check out the upstart cookbook for the specifics you need.

As best I can work out that means that therefore the 'service' command was never actually running the start-stop-daemon … commands found in /etc/init.d/php5-fpm which is why my previous edits were having no effect. Instead it passes off to upstart (actually initctl) when you use something like service php5-fpm start, etc.

Related Topics

Leave a reply