Setting up a new webserver in Ubuntu 14.04 and trying to wrangle file permissions for PHP generated files.
By default, all the directories and files in /var/www
are owned/grouped to www-admin. Directory permissions are rwxrwsr-x
and file permissions are rw-rw-r--
.
We then set the group on a limited number of directories to www-data – this is so that PHP (via Apache) can write log and cache files in this location.
However, I cannot get PHP to obey a umask of 0002
, and so files generated by PHP are only writeable to the www-data user. This is a problem, since we use continuous integration, and some other cleanup processes.
So far, I have:
- Set the umask to 0002 in
/etc/pam.d/common-session
- Set the umask to 0002 in
/etc/pam.d/common-session-noninteractive
- Set the umask to 0002 in
/etc/profile
- Set the umask to 0002 in
/etc/apache2/envvars
- Set the umask to 0002 in
/etc/login.defs
- Set the umask to 0002 for
www-data
in/etc/passwd
usingsudo chfn -o "umask=002" daemon_username
And I'm still stuck.
I've stopped/started the service, and even restarted the computer – no joy.
Best Answer
"umask 002" in /etc/apache2/envvars should work.
Take notice that Apache must be restarted by "service apache2 stop; service apache2 start" for taking effect, not by "service apache2 restart"!
See here if you need an more detailed sample: https://serverfault.com/a/384922/228027