[CentOS] Apache umask

Wed Jul 15 00:38:49 UTC 2020
Emmett Culley <lst_manage at webengineer.com>

On 7/13/20 4:21 PM, Phoenix, Merka wrote:
>>> I need to set the umask for apache to 002.  I've tried every idea I've found on the internet, but nothing make a difference.  Most suggest that I put "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make a difference.>>
>>>    Other's suggest adding something to the httpd.service script for systemd.  And that doesn't make any difference.
>>>
>>> Any suggestion from this list would be appreciated.
>>>
>>> Emmett
> 
> SystemD does have a directive for UMask in their "unit" scripts under the '[service]' section
> 
>   See: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#UMask=
> [ https :// www. freedesktop. org /software/systemd/man/systemd.exec.html#UMask= ]
> and also:
> https://man7.org/linux/man-pages/man5/systemd.exec.5.html
> [ https :// man7. org /linux/man-pages/man5/systemd.exec.5.html ]
> 
> Several posts on StackExchange indicate that the name of the directive 'UMask' is case-sensitive, so it must match the first two letters as UPPERcase, the remainder lowercase.
> 
> This posting at ServerFault provides the exact steps:
> https://serverfault.com/questions/924960/how-to-set-umask-for-apache-on-amazon-linux-2-ami
> 
> [ https :// serverfault. com /questions/924960/how-to-set-umask-for-apache-on-amazon-linux-2-ami ]
> 
> Depending on how Apache httpd is called (for example, if there is a wrapper script called instead of an executable), there may be other players in the mix that would influence what the process ends up with for its umask.
> 
> Start first with how Apache httpd is called by SystemD, and trace it out to the binary (see if your script(s) call any other scripts). Worst case, you could go the opposite route and have the unit script call a bash script instead of the executable directly, and the bash script can set umask right before it calls the httpd binary.
> 
> Cheers!
> 
> Simba
> Engineering

Thanks for the info.  I hadn't seen that before nor many of the links.  I had seen the suggested systemd fix, but have never been able got them to work. And I've tried many combinations.  Still no luck.

There has to be a way to get this done.

Emmett