[CentOS] Apache umask

Mon Jul 13 23:21:58 UTC 2020
Phoenix, Merka <merka.phoenix at hpe.com>

>> I need to set the umask for apache to 002.  I've tried every idea I've found on the internet, but nothing makes a difference.  Most suggest that I put "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make a difference.
>>   Others suggest adding something to the httpd.service script for systemd.  And that doesn't make any difference.
>>
>> Any suggestion from this list would be appreciated.
>>
>> Emmett

SystemD does have a directive for UMask in their "unit" scripts under the '[service]' section.

 See: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#UMask=
and also:
https://man7.org/linux/man-pages/man5/systemd.exec.5.html

Several posts on StackExchange indicate that the name of the directive 'UMask' is case-sensitive, so it must match the first two letters as UPPERcase, the remainder lowercase.

This posting at ServerFault provides the exact steps: 
https://serverfault.com/questions/924960/how-to-set-umask-for-apache-on-amazon-linux-2-ami

Depending on how Apache httpd is called (for example, if there is a wrapper script called instead of an executable), there may be other players in the mix that would influence what the process ends up with for its umask.

Start first with how Apache httpd is called by SystemD, and trace it out to the binary (see if your script(s) call any other scripts). Worst case, you could go the opposite route and have the unit script call a bash script instead of the executable directly, and the bash script can set umask right before it calls the httpd binary.

Cheers!

Simba
Engineering
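
A lint for the two ways a `UMask=` setting gets silently ignored (wrong letter case, or placement outside the `[Service]` section, which systemd also matches case-sensitively), as an added example that is not part of the original post. The function names `check_umask` and `demo`, the output labels, and the sample drop-in are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint a systemd unit file or drop-in for the UMask= directive.
# Prints EFFECTIVE:<value>, UNSET, or the reason the setting would be ignored.
check_umask() {
    # $1: path to a unit file or drop-in (for example a file in httpd.service.d/)
    awk '
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                 # section header, e.g. [Service]
            section = $0
            gsub(/[ \t]/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) != "umask") next
            # Directive names are case-sensitive: only "UMask" is recognised.
            if (key != "UMask") { print "BAD_CASE:" NR ":" key; bad = 1; next }
            # UMask= is an execution setting and belongs in [Service].
            if (section != "[Service]") { print "WRONG_SECTION:" NR ":" section; bad = 1; next }
            # This lint accepts octal digits only.
            if (val !~ /^[0-7]+$/) { print "BAD_VALUE:" NR ":" val; bad = 1; next }
            effective = val                      # the last valid assignment wins
        }
        END {
            if (effective != "") print "EFFECTIVE:" effective
            else if (!bad) print "UNSET"
        }
    ' "$1"
}

# Constructed sample drop-in (not taken from the original post).
demo() {
    tmp=$(mktemp)
    printf '[Service]\nUMask=0002\n' > "$tmp"
    check_umask "$tmp"
    rm -f "$tmp"
}
```

After a fragment passes, `systemctl daemon-reload` followed by `systemctl show httpd -p UMask` reports the value systemd will actually apply to the service.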