Re: Apache umask

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 15.07.20 um 20:02 schrieb Emmett Culley via CentOS:
On 7/15/20 2:39 AM, Gianluca Cecchi wrote:
On Wed, Jul 15, 2020 at 2:39 AM Emmett Culley via CentOS <centos@xxxxxxxxxx <mailto:centos@xxxxxxxxxx>> wrote:


    Thanks for the info.  I hadn't seen that before nor many of the links.  I had seen the suggested systemd fix, but have never been able got them to work. And I've tried many combinations.  Still no luck.

    There has to be a way to get this done.

    Emmett


Hi,
what is the original need? Could it be that you can accomplish the desired effect using ACL on particular directories/files?

Gianluca

Might could, but that seems like overkill for my purposes, as I don't use ACLs anywhere else.  I cannot be the only developer that needs apache created files to be managed by a group.  The truth is some sites, like wordpress or joomla, can be better managed when a group member can read or write apache created files.  Like via SFTP or local FTP.

Today, I have to make all files world writable to update joomla, and that could be better managed by allowing the owning group to access those files.  In the case where the client manages the site, I have to log into the server and change the permissions every time they update the site.  Or even to update most plugins.


This is best addressed in the application.

For example in wordpress you can set

define( 'FS_CHMOD_DIR', ( 0775 & ~ umask() ) );
define( 'FS_CHMOD_FILE', ( 0664 & ~ umask() ) );



Wprdpress sites are better, but even then, I still sometimes need to set and unset explicit file permissions depending on the plugins installed.

All this would not be an issue if apache created files with a unask of 002.  One simple adjustment to the server to allow us to use normal Linux file permissions to manage files.

If I don't find a solution to this I guess I'll have to use your ACL suggestion. It is getting to be pain to manage multiple sites in the current manner.


If the application is to dumpy then ACL is your solution.
ACL has a default flag that allows setting permissions that
gets heritaged. So that files in the future get the right permissions.



Surely someone knows how to force apache to use a umask of 002, other than building from source.

Not a best practice.


--
Leon


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux