On 10/27/2016 01:44 PM, Alex wrote:
> Hi,
>
> On Thu, Oct 27, 2016 at 4:09 PM, Gordon Messmer
> <gordon.messmer@xxxxxxxxx> wrote:
>> On 10/25/2016 06:53 PM, Alex wrote:
>>>
>>> The problem I was having
>>> was with the user doing local modifications (joomadmin) not being able
>>> to modify files uploaded or changed by the joomla apache user
>>> (apache).
>>>
>>> Numerous suggestions were made, including changing all the files to be
>>> sgid write, adding the users to a common group, and other, more
>>> complicated recommendations.
>>>
>>> I'm really surprised at the state of security by many of these
>>> suggestions.
>>
>>
>> First, add the joomlaadmin to the apache group:
>>     # usermod -a -G apache joomadmin
>>
>> Second, change the apache umask. Use "systemctl edit httpd" and enter two
>> lines in the editor that opens:
>>     [Service]
>>     UMask=0002
>>
>> Third, restart the httpd service with "systemctl restart httpd"
>>
>> There you go. httpd will create files that are writable by the group
>> apache, and joomadmin is a member of that group, so it can modify those
>> files. You haven't given apache any new permissions.
>>
>> I have tested this specific process on Fedora 24.
>
> I've actually already done these exact steps, and it doesn't work (on
> fedora23). When you say you've tested it, do you mean you tested the
> steps above, or you did something to confirm afterwards that its umask
> is 0002?
>
> # cat /etc/systemd/system/httpd.service.d/override.conf
> [Service]
> UMask=0002
> # systemctl restart httpd
> # su - apache -s /bin/bash
> -bash-4.3$ umask
> 0022

Alex, the change to the override.conf file affects ONLY the httpd
_process_ started by systemd. It does NOT change the umask for the
apache _user_ (which is what you tested).

The only way to verify the change "took" is to have the httpd process
create a file and check the mode of the file created.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-      A day for firm decisions!!!   Well, then again, maybe not!    -
----------------------------------------------------------------------
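
The distinction drawn in the reply above, as an added example that is not part of the original thread: the umask is per-process state, so it is read from the running process (or observed through a file that process creates), not from a fresh login shell. The function names are hypothetical, the child process in `created_mode` stands in for httpd, and `proc_umask` assumes a Linux kernel that exposes `Umask:` in `/proc/<pid>/status` (4.7 or later).

```shell
#!/bin/sh
# Added example: check a umask where it actually lives, in the process.

# Print the umask of a running process from /proc (Linux 4.7+ has "Umask:").
proc_umask() {
    awk '$1 == "Umask:" { print $2 }' "/proc/$1/status"
}

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a file in a child process running with umask $1 and print its mode.
# The child stands in for the daemon; the calling shell's umask is untouched.
created_mode() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" ) || { rm -rf "$dir"; return 1; }
    file_mode "$dir/probe"
    rm -rf "$dir"
}

# Report the umask of a systemd service's main process, e.g. "httpd".
# Needs systemd and permission to read /proc/<pid>/status of that process.
check_service() {
    pid=$(systemctl show -p MainPID "$1" | cut -d= -f2)
    [ "${pid:-0}" -gt 0 ] || { echo "$1 is not running" >&2; return 1; }
    echo "$1 (pid $pid) umask: $(proc_umask "$pid")"
}

# Constructed demonstration: this shell stays at 0022 while a child process
# given 0002 creates group-writable files, which is the httpd/su situation.
demo() {
    umask 0022
    echo "this shell:      umask $(umask), new file mode $(created_mode 0022)"
    echo "child with 0002: new file mode $(created_mode 0002)"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run with the argument `demo` for the constructed case, or call `check_service httpd` as root on the server itself.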