Ubuntu – Setting umask for www-data user (run via sudo) on Ubuntu 10.04 LTS


I run Apache as user www-data on Ubuntu 10.04 LTS. I've got /etc/apache2/envvar set up with 'umask 002' so that any new files/dirs created by the daemon have group write permissions enabled. At times, I need to create files/dirs from the command line, so I do 'sudo -u www-data' commands, but I can't figure out how to get those to enable group write permissions on creation.

In /etc/passwd, Ubuntu's home directory is listed as '/var/www'. So, per the Ubuntu documentation (https://help.ubuntu.com/community/EnvironmentVariables), I've tried adding "umask 002" to the following locations:

/var/www/.profile

/var/www/.bashrc

/var/www/.bash_profile

/var/www/bash_login

And the global environment files:

/etc/environment

/etc/bash.bashrc

Even after adding "umask 002" to all those files and rebooting, running 'sudo -u www-data touch testfile' results in "-rw-r--r--" permissions. (I tried that with the www-data shell set to both /bin/sh and /bin/bash.)

Is there any way to set things up so that 'sudo -u www-data' commands will create items with group write permissions enabled?

Best Answer

Have you tried setting it via /etc/sudoers itself? As per sudoers(5):

   umask_override  If set, sudo will set the umask as specified by sudoers
                   without modification.  This makes it possible to
                   specify a more permissive umask in sudoers than the
                   user's own umask and matches historical behavior.  If
                   umask_override is not set, sudo will set the umask to
                   be the union of the user's umask and what is specified
                   in sudoers.  This flag is off by default.
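
The union rule quoted above explains the "-rw-r--r--" result in the question. The following is an added example, not part of the original answer: it models the rule and creates a real file under each resulting mask. It assumes the sudoers default of `umask=0022`; the function names and the scenario values are constructed for illustration.

```shell
#!/bin/sh
# Added example: how sudo picks the umask for the command it runs.
# sudoers lines this models (edit with visudo; scoped to the target user):
#   Defaults>www-data umask=0002
#   Defaults>www-data umask_override

# effective_umask USER_UMASK SUDOERS_UMASK OVERRIDE
# OVERRIDE=0: union (bitwise OR) of both masks, per sudoers(5).
# OVERRIDE=1: the sudoers value is applied without modification.
effective_umask() (
    user=$((0$1))
    conf=$((0$2))
    if [ "$3" -eq 1 ]; then
        printf '%04o\n' "$conf"
    else
        printf '%04o\n' $((user | conf))
    fi
)

# mode_under_umask MASK: create a file as `touch` would under MASK and
# print its permission string.
mode_under_umask() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    touch "$dir/testfile"
    perms=$(ls -l "$dir/testfile" | cut -c1-10)
    rm -rf "$dir"
    printf '%s\n' "$perms"
)

# Constructed scenarios (caller umask, sudoers umask, umask_override):
report() {
    mask=$(effective_umask "$2" "$3" "$4")
    printf '%-28s umask %s -> %s\n' "$1" "$mask" "$(mode_under_umask "$mask")"
}

report "sudoers default (0022)"     002 0022 0   # the question's situation
report "Defaults umask=0002"        002 0002 0   # group write enabled
report "strict caller, no override" 077 0002 0   # caller's 077 still wins
report "strict caller, override"    077 0002 1   # sudoers value forced
```

Because `umask_override` lets sudoers loosen a caller's stricter umask, keeping it scoped to the www-data runas user limits the effect to these commands.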