Tuesday, May 10, 2016

apache 2.2 - Setting umask for www-data user (run via sudo) on Ubuntu 10.04 LTS



I run apache as user www-data on Ubuntu 10.04 LTS. I've got /etc/apache2/envvar set up with 'umask 002' so that any new files/dirs created by the daemon have group write permissions enabled. At times, I need to create files/dirs from the command line, so I do 'sudo -u www-data' commands, but I can't figure out how to get those to enable group write permissions on creation.



In /etc/passwd, Ubuntu's home directory is listed as '/var/www'. So, per the Ubuntu documentation (https://help.ubuntu.com/community/EnvironmentVariables), I've tried adding "umask 002" to the following locations:

/var/www/.profile
/var/www/.bashrc
/var/www/.bash_profile
/var/www/bash_login

And the global environment files:

/etc/environment
/etc/bash.bashrc

Even after adding "umask 002" to all those files and rebooting, running 'sudo -u www-data touch testfile' results in "-rw-r--r--" permissions. (I tried that with the www-data shell set to both /bin/sh and /bin/bash.)



Is there any way to set things up so that 'sudo -u www-data' commands will create items with group write permissions enabled?


Answer




Have you tried setting it via /etc/sudoers itself? As per sudoers(5):



   umask_override  If set, sudo will set the umask as specified by sudoers
                   without modification. This makes it possible to
                   specify a more permissive umask in sudoers than the
                   user's own umask and matches historical behavior. If
                   umask_override is not set, sudo will set the umask to
                   be the union of the user's umask and what is specified
                   in sudoers. This flag is off by default.
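
The union rule quoted above is why a sudoers umask of 0002 on its own still produces "-rw-r--r--" when the invoking user's umask is 0022. The following is an added example, not part of the original answer, that models both cases in shell and creates a real file under each resulting umask. The function names and the 0022 user umask are assumptions; the `Defaults` lines in the comments are the sudoers settings being modeled.

```shell
#!/bin/sh
# Added example: models how sudo chooses the umask for the command it runs.
# sudoers settings being modeled (edit with visudo):
#   Defaults umask=0002
#   Defaults umask_override

# effective_umask USER_UMASK SUDOERS_UMASK OVERRIDE(0|1)
# Without umask_override: union (bitwise OR) of the two masks.
# With umask_override: the sudoers value is used without modification.
effective_umask() {
    if [ "$3" = "1" ]; then
        printf '%04o\n' "$(( 0$2 ))"
    else
        printf '%04o\n' "$(( 0$1 | 0$2 ))"
    fi
}

# perms_with_umask MASK
# Creates a file in a scratch directory under MASK and prints its
# permission string, the same way 'touch testfile; ls -l' would show it.
perms_with_umask() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && touch "$dir/testfile" )
    ls -l "$dir/testfile" | cut -c1-10
    rm -rf "$dir"
}

user_umask=0022      # assumed umask of the user who types 'sudo -u www-data'
sudoers_umask=0002   # value from 'Defaults umask=0002'

for override in 0 1; do
    mask=$(effective_umask "$user_umask" "$sudoers_umask" "$override")
    echo "umask_override=$override -> umask $mask -> $(perms_with_umask "$mask")"
done
```
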

