[CentOS] Using umask

Tue Jun 21 15:44:13 UTC 2011
Craig White <craig.white at ttiltd.com>

On Jun 21, 2011, at 8:30 AM, m.roth at 5-cent.us wrote:

> John Hodrien wrote:
>> On Tue, 21 Jun 2011, Todd Cary wrote:
> <snip>
>>> My /var/www/html files have been manually set by me to
>>> apache/apache 774.  This allows my PHP applications to access the
>>> files, and I assume this is a "good" setting.
>>> 
>>> Now, my server is connected via Samba to my desktop.  If I create
>>> a file, it is todd/todd 744, so Apache cannot access them.
>>> 
>>> If PHP (Apache) creates or modifies a file, it is apache/apache
>>> 755, so I cannot access them (Write/Delete).
> <snip>
>> Either have a group that you're both a member of and have a SGID bit set
>> on the relevant directories using that group, or look at ACLs.
> 
> To expand on John's cmts. I'd make you a member of the apache group -
> that's usermod -G apache todd, making it a secondary group, *not* your
> personal primary group.
----
This is what I would do, but the apache group would necessarily have write permissions to the directory & files you want to edit.

I would, however, recommend that all other directories NOT have group write permissions or, better yet, be owned by someone else (possibly root:root) as a means of security.

Craig
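
The shared-group setup discussed in this thread, as an added example that is not part of the original messages: a setgid directory for the files to be edited, a locked-down sibling, the effect of the umask on new files, and an audit for group-writable directories. Assumptions: a temp directory and the current user's group stand in for /var/www/html and the apache group, GNU `stat` is available, and the function and directory names are hypothetical.

```shell
#!/bin/sh
# Added example. A temp directory and the current user's group stand in for
# /var/www/html and the apache group so this runs without root (GNU stat).

# Shared directory: setgid (2xxx) makes new files inherit the directory's
# group; 775 gives that group write access.
make_shared() { mkdir -p "$1" && chmod 2775 "$1"; }

# Everything else: no group or other write.
make_locked() { mkdir -p "$1" && chmod 755 "$1"; }

# Create FILE under the given umask (in a subshell) and print its octal mode.
create_with_umask() {
    ( umask "$1" && : > "$2" ) && stat -c '%a' "$2"
}

# List every directory under ROOT that is group-writable, for review.
audit_group_writable() { find "$1" -type d -perm -020 | sort; }

demo() {
    root=$(mktemp -d) || return 1
    make_shared "$root/uploads"     # constructed name: the tree to be edited
    make_locked "$root/includes"    # constructed name: everything else
    echo "umask 022 -> $(create_with_umask 022 "$root/uploads/a.php")"
    echo "umask 002 -> $(create_with_umask 002 "$root/uploads/b.php")"
    echo "group-writable directories:"
    audit_group_writable "$root"
    rm -rf "$root"
}
demo
```

With umask 022 the new file has no group write bit, so the other member of the group cannot modify it; with umask 002 it does.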