On 10/27/2016 02:27 PM, Alex wrote:
> Hi,
>
>>> I've actually already done these exact steps, and it doesn't work (on
>>> fedora23). When you say you've tested it, do you mean you tested the
>>> steps above, or you did something to confirm afterwards that its umask
>>> is 0002?
>>>
>>> # cat /etc/systemd/system/httpd.service.d/override.conf
>>> [Service]
>>> UMask=0002
>>> # systemctl restart httpd
>>> # su - apache -s /bin/bash
>>> -bash-4.3$ umask
>>> 0022
>>
>> Alex, the change to the override.conf file affects ONLY the httpd
>> _process_ started by systemd. It does NOT change the umask for the
>> apache _user_ (which is what you tested).
>>
>> The only way to verify the change "took" is to have the httpd process
>> create a file and check the mode of the file created.
>
> Yes, thanks. I still need to test it for joomla through the apache
> user, but as I mentioned in a previous email a few minutes ago, it
> still appears to be 0022.
>
> How is it set for the normal user? I've modified /etc/bashrc (and even
> /etc/profile), and the apache user doesn't have a .bashrc or
> .bash_profile, and it's still 0022. Where did you set it?

By default /etc/profile changes the umask for interactive shells to
0002 under the following criteria:

    if the user ID is > 199
    AND
    the EUID (by name) is the same as the EGID (by name)

Otherwise the umask is set to 0022. By default, /etc/bashrc does
precisely the same for _non-login_ bash shells.

Just to prove you can change the umask via /etc/profile:

    [root@prophead ~]# su - apache -s /bin/bash -c "umask"
    0022
    [root@prophead ~]# echo "umask 0002" >>/etc/profile
    [root@prophead ~]# su - apache -s /bin/bash -c "umask"
    0002

Note that this affects ALL users' interactive shells, so delete that
line we just added from the end of /etc/profile as soon as possible
after you're satisfied it works.
I'd highly recommend you add code to both /etc/profile and /etc/bashrc
to selectively change the umask for the apache user (on my machine,
that's UID 48).

> This is important because the "joomadmin" user will be manipulating
> these files via sFTP or scp.
>
> I've also tried modifying the Subsystem variable to first set the
> umask before running /usr/libexec/openssh/sftp-server, and the Windows
> sFTP client they're using apparently can't handle this.

Uh, how? The /etc/ssh/sshd_config line should read:

    Subsystem sftp /usr/libexec/openssh/sftp-server -u 0002

and you must restart sshd via "systemctl restart sshd.service" as
/etc/ssh/sshd_config is only read when sshd starts up.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-    A day for firm decisions!!!   Well, then again, maybe not!      -
----------------------------------------------------------------------
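An added example, not part of the message above or of Fedora's shipped files: a sketch of the selective umask rule recommended for /etc/profile and /etc/bashrc, plus the "create a file and check its mode" verification. The function names choose_umask and mode_under_umask and the APACHE_UID variable are hypothetical; UID 48 is the value given in the message and may differ on other machines.

```sh
#!/bin/sh
# Added example. choose_umask, mode_under_umask and APACHE_UID are
# hypothetical names introduced for illustration.

# Default rule described in the message: 0002 when the UID is > 199 and the
# user name equals the group name, otherwise 0022. The extra first branch is
# the selective exception for the apache user only.
choose_umask() {
    uid=$1; user=$2; group=$3
    apache_uid=${APACHE_UID:-48}   # assumption: UID 48, as on the author's machine
    if [ "$uid" -eq "$apache_uid" ]; then
        echo 0002
    elif [ "$uid" -gt 199 ] && [ "$user" = "$group" ]; then
        echo 0002
    else
        echo 0022
    fi
}

# Verification by result: create a file in a subshell running under the
# given umask and print the mode it received. The umask belongs to the
# process creating the file, so this is the only test that means anything.
mode_under_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/probe"
        stat -c '%a' "$d/probe"    # GNU stat, as shipped on Fedora
        rm -rf "$d"
    )
}

# The line placed in /etc/profile and /etc/bashrc would then be:
#   umask "$(choose_umask "$(id -u)" "$(id -un)" "$(id -gn)")"
```

A umask of 0002 leaves new files group-writable (664), so the exception is scoped to the one UID rather than appended globally.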