[CentOS] Apache umask

Wed Jul 15 18:02:21 UTC 2020
Emmett Culley <lst_manage at webengineer.com>

On 7/15/20 2:39 AM, Gianluca Cecchi wrote:
> On Wed, Jul 15, 2020 at 2:39 AM Emmett Culley via CentOS <centos at centos.org <mailto:centos at centos.org>> wrote:
>     Thanks for the info.  I hadn't seen that before nor many of the links.  I had seen the suggested systemd fix, but have never been able got them to work. And I've tried many combinations.  Still no luck.
>     There has to be a way to get this done.
>     Emmett
> Hi,
> what is the original need? Could it be that you can accomplish the desired effect using ACL on particular directories/files?
> Gianluca

Might could, but that seems like overkill for my purposes, as I don't use ACLs anywhere else.  I cannot be the only developer that needs apache created files to be managed by a group.  The truth is some sites, like wordpress or joomla, can be better managed when a group member can read or write apache created files.  Like via SFTP or local FTP.

Today, I have to make all files world writable to update joomla, and that could be better managed by allowing the owning group to access those files.  In the case where the client manages the site, I have to log into the server and change the permissions every time they update the site.  Or even to update most plugins.

Wprdpress sites are better, but even then, I still sometimes need to set and unset explicit file permissions depending on the plugins installed.

All this would not be an issue if apache created files with a unask of 002.  One simple adjustment to the server to allow us to use normal Linux file permissions to manage files.

If I don't find a solution to this I guess I'll have to use your ACL suggestion. It is getting to be pain to manage multiple sites in the current manner.

Surely someone knows how to force apache to use a umask of 002, other than building from source.