On 15.07.20 at 20:02, Emmett Culley via CentOS wrote:
> On 7/15/20 2:39 AM, Gianluca Cecchi wrote:
>> On Wed, Jul 15, 2020 at 2:39 AM Emmett Culley via CentOS
>> <centos at centos.org> wrote:
>>
>>
>>     Thanks for the info.  I hadn't seen that before nor many of the
>>     links.  I had seen the suggested systemd fix, but have never been able
>>     to get them to work.  And I've tried many combinations.  Still no luck.
>>
>>     There has to be a way to get this done.
>>
>>     Emmett
>>
>>
>> Hi,
>> what is the original need? Could it be that you can accomplish the
>> desired effect using ACL on particular directories/files?
>>
>> Gianluca
>
> Might could, but that seems like overkill for my purposes, as I don't
> use ACLs anywhere else.  I cannot be the only developer that needs
> apache created files to be managed by a group.  The truth is some sites,
> like wordpress or joomla, can be better managed when a group member can
> read or write apache created files.  Like via SFTP or local FTP.
>
> Today, I have to make all files world writable to update joomla, and
> that could be better managed by allowing the owning group to access
> those files.  In the case where the client manages the site, I have to
> log into the server and change the permissions every time they update
> the site.  Or even to update most plugins.

This is best addressed in the application. For example in wordpress you
can set

define( 'FS_CHMOD_DIR', ( 0775 & ~ umask() ) );
define( 'FS_CHMOD_FILE', ( 0664 & ~ umask() ) );

> Wordpress sites are better, but even then, I still sometimes need to set
> and unset explicit file permissions depending on the plugins installed.
>
> All this would not be an issue if apache created files with a umask of
> 002.  One simple adjustment to the server to allow us to use normal
> Linux file permissions to manage files.
>
> If I don't find a solution to this I guess I'll have to use your ACL
> suggestion.  It is getting to be a pain to manage multiple sites in the
> current manner.

If the application is too dumpy then ACL is your solution. ACL has a
default flag that allows setting permissions that get inherited, so
that files in the future get the right permissions.

> Surely someone knows how to force apache to use a umask of 002, other
> than building from source.

Not a best practice.

--
Leon
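
The permission model discussed in this thread, as an added example that is not part of either poster's message: a POSIX shell script that finds world-writable files in a web root, replaces that workaround with group write plus setgid directories, and checks whether a file created under a given umask ends up group-writable. All function names, the script name, the path and the group in the usage line are hypothetical; the umask probe assumes the directory carries no default ACL.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical, not from the thread.

# Print files and directories under $1 that any local user can write.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print files and directories under $1 that the owning group cannot write.
not_group_writable() {
    find "$1" \( -type f -o -type d \) ! -perm -0020 -print
}

# Swap the world-writable workaround for group management of tree $1 by
# group $2: hand the tree to the group, drop o+w, grant g+rwX, and set the
# setgid bit on directories so new entries inherit the group.
group_manage() {
    chgrp -R "$2" "$1" &&
    chmod -R o-w,g+rwX "$1" &&
    find "$1" -type d -exec chmod g+s {} +
}

# Create a probe file in directory $2 under umask $1.
# Returns 0 if the probe is group-writable, 1 if not, 2 if it cannot be created.
# setgid only propagates group ownership; the mode of a new file still
# depends on the creating process's umask (or on a default ACL).
new_file_group_writable() {
    probe="$2/.umask-probe.$$"
    ( umask "$1" && : > "$probe" ) || return 2
    if [ -n "$(find "$probe" -perm -0020)" ]; then rc=0; else rc=1; fi
    rm -f "$probe"
    return "$rc"
}

# Usage: sh group-manage.sh /var/www/example-site webdev   (constructed values)
if [ $# -eq 2 ]; then
    world_writable "$1"        # what the workaround currently exposes
    group_manage "$1" "$2"
    not_group_writable "$1"    # anything left that the group cannot edit
fi
```
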