FS#16796 - [apache] Add configuration option to set umask for the httpd process
Attached to Project:
Arch Linux
Opened by Massimiliano Torromeo (mtorromeo) - Friday, 23 October 2009, 09:23 GMT
Last edited by Jan de Groot (JGC) - Saturday, 06 March 2010, 18:20 GMT
Opened by Massimiliano Torromeo (mtorromeo) - Friday, 23 October 2009, 09:23 GMT
Last edited by Jan de Groot (JGC) - Saturday, 06 March 2010, 18:20 GMT
|
Details
Description:
In some cases it is needed to change the umask for the apache process, for example to allow write privileges to all users in the http group (umask 002) This is possible in other distributions /etc/apache2/envvars in debian-based distros, /etc/sysconfig/httpd in redhat-based distros. I tried adding umask 002 in the init script or in /usr/sbin/envvars (which is sourced by httpd), but it didn't work. Regards. |
This task depends upon
Closed by Jan de Groot (JGC)
Saturday, 06 March 2010, 18:20 GMT
Reason for closing: Implemented
Additional comments about closing: apachectl sources /etc/conf.d/apache now, so you can implement this yourself in that configuration file.
Saturday, 06 March 2010, 18:20 GMT
Reason for closing: Implemented
Additional comments about closing: apachectl sources /etc/conf.d/apache now, so you can implement this yourself in that configuration file.
When I start a new project I make a dir in /srv/http/ chowned by <user>:http. Then only my user and http group have write permission.
Let's say the project path is /srv/http/proj owned by foo:http, permissions 755
Only foo has the rights to write in it.
So I chmod 775 to give apache the rights to write inside /srv/http/proj.
Let's say a script served by apache creates a new file /srv/http/proj/a.txt.
This file is going to be owned by http:http 644 (umask beeing 022), and foo cannot edit/delete it.
If foo was part of the http group and the umask was 002, then a.txt would be created with 664 permissions and foo could modify it.
This is done on other distros as described in the task details, but I don't know why it doesn't work on archlinux if I set umask in /usr/sbin/envvars (that seems to be the equivalent, although in an odd location).
Thanks for looking into this.
Setting the umask is surely something I can rely on if I am the one in control of the server configuration.