[CentOS] Using umask

Paul Bijnens Paul.Bijnens at xplanation.com
Fri Jun 24 13:51:24 UTC 2011


On 2011-06-21 17:22, Todd Cary wrote:
> Grasping a full understanding of setting default Users, Groups 
> and Masks has eluded me over the years, but now I find myself in 
> a situation where manually "setting" the file/directory 
> attributes is becoming a pain.
> 
> I understand the fundamentals of the file attributes, though from 
> time to time I have to review the "sticky bit"; what I do not 
> understand is where/how the attributes are set when a user 
> creates or modifies a file/directory.  Here is my situation:
> 
> My /var/www/html files have been manually set by me to 
> apache/apache 774.  This allows my PHP applications to access the 
> files, and I assume this is a "good" setting.
> 
> Now, my server is connected via Samba to my desktop.  If I create 
> a file, it is todd/todd 744, so Apache cannot access them.
> 
> If PHP (Apache) creates or modifies a file, it is apache/apache 
> 755, so I cannot access them (Write/Delete).

I use a combination of settings in Unix and Samba.

Add yourself to the apache group.

Set the toplevel folder with the SGID bit:
      chgrp apache /the/toplevel
      chmod g+swx /the/toplevel
This makes sure that each file/folder created in that folder will
inherit the group writeable bit.
When you already have subfolders there, you need to change each subfolder
as well, once, to get the permissions of the whole tree correct.

In samba, set up the share with:
    force create mode = 775
    force directory mode = 2775
This makes sure that Samba does not remove that group-writable bit
again, which was added by the kernel obeying the SGID bit of the parent folder.

And then I only have to struggle with some programs that think they
are smarter and explicitly remove the group-writable settings.


-- 
Paul Bijnens, Xplanation                            Tel  +32 16 397.525
Interleuvenlaan 86, B-3001 Leuven, BELGIUM          Fax  +32 16 397.552
***********************************************************************
* I think I've got the hang of it now:  exit, ^D, ^C, ^\, ^Z, ^Q, ^^, *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., *
* stop, end, ^]c, +++ ATH, disconnect,  halt,  abort,  hangup,  KJOB, *
* ^X^X,  :D::D,  kill -9 1,  kill -1 $$,  shutdown,  init 0,  Alt-F4, *
* Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... *
* ...  "Are you sure?"  ...   YES   ...   Phew ...   I'm out          *
***********************************************************************
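
A way to check a tree after applying the settings from the reply above, as an added example that is not part of the original post: it builds a constructed tree in a temporary directory, lists directories missing the SGID bit and entries missing group write, then applies the one-time change to existing subfolders. The function names and the umask values 022 and 002 are assumptions for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, the tree is constructed.

# Build a throwaway tree like the one in the post. chgrp is left out
# because it needs membership of the target group; the mode bits are the point.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    (
        umask 022
        mkdir "$t/old"          # subfolder that exists before the SGID bit is set
        chmod g+swx "$t"        # the chmod from the post
        : > "$t/strict.txt"     # created under umask 022: mode 644
        umask 002
        mkdir "$t/new"          # created afterwards: gets SGID from its parent (Linux)
        : > "$t/shared.txt"     # created under umask 002: mode 664
    )
    echo "$t"
}

# Directories that will not pass their group on to new entries.
dirs_missing_sgid() {
    find "$1" -type d ! -perm -2000
}

# Files and directories the other group members cannot write to.
missing_group_write() {
    find "$1" \( -type d -o -type f \) ! -perm -020
}

# One-time repair of an existing tree: SGID on directories only, group write on files.
fix_tree() {
    find "$1" -type d -exec chmod g+swx {} +
    find "$1" -type f -exec chmod g+w {} +
}

tree=$(make_demo_tree)
echo "directories missing SGID:";    dirs_missing_sgid "$tree"
echo "entries missing group write:"; missing_group_write "$tree"
fix_tree "$tree"
echo "left after fix: $(missing_group_write "$tree" | wc -l)"
rm -rf "$tree"
```

Run the two listing functions against the real top-level folder to see what still needs the one-time change; `fix_tree` sets SGID on directories only, so regular files do not end up with a setgid bit.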


