Sunday, December 17, 2017

apache 2.2 - www-data default permissions on files/directories

I have a very interesting situation. I have a Debian Lenny server running Apache/2.2.9 and PHP 5.2.6-1+lenny10. When Apache creates a new file (simple PHP upload script or HTTP SVN check-in), the permissions and ownership on the file are:

www-data test -rwxr-xr-x


When a new directory is created the permissions and ownership are:

www-data test drwxr-sr-x


I have made changes on the server to /etc/profile with umask 0002. This setting is supposed to set newly created files to 664 and newly created directories to 775. It ONLY does this when I actually log in as the www-data user and create them manually via the command line. It does NOT do it when Apache creates the data. Has anyone else ever witnessed this behavior? What is the difference between logging in as the "www-data" user and creating files versus the "www-data" user running through Apache? Do the files inherit permissions from the /tmp folder or something? I'm interested in directly resolving the default permissions with Apache, not implementing a workaround.

Here are my steps thus far:

  1. create a new group (test)

  2. usermod -a -G test usera

  3. usermod -a -G test userb

  4. groups usera

  5. Change the ownership of everything under html/ with the user and new group

  6. chmod 2775 html/

  7. find html/ -type d -exec chmod 2775 {} \;

  8. find html/ -type f -exec chmod 0664 {} \;

  9. edit /etc/profile with new umask setting of 0002

  10. restarted apache and logged in and out with the "www-data" user and site user
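
The umask is a per-process attribute that each process inherits from its parent, and /etc/profile is read only by login shells, so a umask set there does not reach processes that were not started from one. The script below is an added example, not part of the original post; its function names and scratch directory are constructed for the demo. It recreates the setgid 2775 directory from step 6 and shows the modes that result under umask 0022 and 0002.

```shell
#!/bin/sh
# Added demo; function names and the scratch directory are constructed.

# First ten characters of `ls -ld`: type and permission bits, e.g. drwxr-sr-x.
perms_of() { ls -ld "$1" | cut -c1-10; }

# Create a file or directory inside a setgid 2775 parent (step 6 above)
# from a subshell running with umask $1, then print the resulting mode.
created_mode() {  # $1 = umask, $2 = file | dir
    base=$(mktemp -d) || return 1
    mkdir "$base/html" && chmod 2775 "$base/html"
    (
        umask "$1"                      # affects this subshell only
        if [ "$2" = dir ]; then
            mkdir "$base/html/new"      # requests 0777, inherits setgid
        else
            : > "$base/html/new"        # redirection requests 0666
        fi
    )
    perms_of "$base/html/new"
    rm -rf "$base"
}

# A child process starts with its parent's umask; no profile file is read.
inherited_umask() { ( umask "$1"; sh -c umask ); }

echo "dir,  umask 0022: $(created_mode 0022 dir)"
echo "dir,  umask 0002: $(created_mode 0002 dir)"
echo "file, umask 0022: $(created_mode 0022 file)"
echo "file, umask 0002: $(created_mode 0002 file)"
echo "child of a umask-0027 parent reports: $(inherited_umask 0027)"
```

The directory created under umask 0022 comes out as drwxr-sr-x, the same mode reported in the question, and only the runs under umask 0002 produce the group-writable 664 and 2775 results.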
