Apache Umask and Writeable Files
Had an interesting issue arise this week. A couple servers I administer are loaded with many individual sites. Eventually root will create a file in one of these sites and when the user of that site logs in via FTP, they cannot modify the file (they do not own it). As a part of our weekly maintenance, we would go through each site and recursively CHOWN all the files to the proper ownerships. This though did not take into consideration files created by Apache. For example, a PHP script may create a directory somewhere. Once you change the ownership, even if the the user belongs to the Apache group, the directory becomes unwriteable to Apache.
After some searching I found a way around this. Set the umask variable to 002. It depends on your flavor of Linux but with CentOS and Redhat, you just add this to your /etc/sysconfig/httpd file: Code:
umask 002 This still allows us to change ownerships weekly, but still keeps files created by Apache writeable for Apache. |
How did you come across this issue, and have you encountered any other challenges related to file permissions and ownership in your server administration tasks?
|
All times are GMT -4. The time now is 06:46 PM. |
Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2024, vBulletin Solutions, Inc.