Hi, On Thu, Oct 27, 2016 at 4:09 PM, Gordon Messmer <gordon.messmer@xxxxxxxxx> wrote: > On 10/25/2016 06:53 PM, Alex wrote: >> >> The problem I was having >> was with the user doing local modifications (joomadmin) not being able >> to modify files uploaded or changed by the joomla apache user >> (apache). >> >> Numerous suggestions were made, including changing all the files to be >> sgid write, adding the users to a common group, and other, more >> complicated recommendations. >> >> I'm really surprised at the state of security by many of these >> suggestions. > > > First, add the joomlaadmin to the apache group: > # usermod -a -G apache joomadmin > > Second, change the apache umask. Use "systemctl edit httpd" and enter two > lines in the editor that opens: > [Service] > UMask=0002 > > Third, restart the httpd service with "systemctl restart httpd" > > There you go. httpd will create files that are writable by the group > apache, and joomadmin is a member of that group, so it can modify those > files. You haven't given apache any new permissions. > > I have tested this specific process on Fedora 24. I've actually already done these exact steps, and it doesn't work (on fedora23). When you say you've tested it, do you mean you tested the steps above, or you did something to confirm afterwards that its umask is 0002? # cat /etc/systemd/system/httpd.service.d/override.conf [Service] UMask=0002 # systemctl restart httpd # su - apache -s /bin/bash -bash-4.3$ umask 0022 Thanks, Alex _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
