• How to set umask for apache2

    From Chris Green@21:1/5 to All on Wed May 28 17:00:01 2025
    I am running apache2 on my Debian 12 system.

    I am trying to set the umask for apache2 to 0002 but I'm failing
    miserably.

    I have set umask in both /etc/apache2/envvars:-

    chris$ tail -10 /etc/apache2/envvars
    ## Enable the debug mode for maintainer scripts.
    ## This will produce a verbose output on package installations of web server modules and web application
    ## installations which interact with Apache
    #export APACHE2_MAINTSCRIPT_DEBUG=1

    #
    #
    # Added so files will be writable by members of group www-data
    #
    umask 002

    ... and I have set UMask in the systemd apache2.service:-

    chris$ more /etc/systemd/system/apache2.service.d/override.conf
    [service]
    UMask=0002


    But the apache2 services are still running with umask 0022. How can I
    get it to change?

    (I have restarted apache2 and even rebooted the system, to no effect.)

    systemctl show tells me that systemd knows the umask is 0022:-

    chris$ systemctl show apache2.service | grep -i umask
    UMask=0022

    So why can't I set it!!??


    --
    Chris Green
    ·

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Wooledge@21:1/5 to Chris Green on Wed May 28 17:40:01 2025
    On Wed, May 28, 2025 at 15:34:39 +0100, Chris Green wrote:
    > ... and I have set UMask in the systemd apache2.service:-
    >
    > chris$ more /etc/systemd/system/apache2.service.d/override.conf
    > [service]
    > UMask=0002

    Shouldn't that square-bracket header be capitalized? [Service]
    instead of [service], from what I see in the man pages and other
    units.
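
The case-sensitivity point raised in this reply can be checked before reloading systemd. The following is an added example, not part of the original thread: `lint_dropin` is a hypothetical helper name, the list of section names is an assumption limited to `.service` units, and the two sample files are constructed from the override quoted above.

```shell
#!/bin/sh
# Added example: flag section headers in a .service drop-in that do not
# exactly match a known section name (the comparison is case-sensitive).

# Assumption: only the sections used by .service units are listed here.
KNOWN_SECTIONS="Unit Service Install"

# Print one finding per bad header; return 1 if any were found, else 0.
lint_dropin() {
    local file="$1" line name lower known hint lineno=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Trim surrounding whitespace (also drops a trailing CR).
        line="${line#"${line%%[![:space:]]*}"}"
        line="${line%"${line##*[![:space:]]}"}"
        case "$line" in
            \[*\]) ;;          # a section header: inspect it
            *) continue ;;     # key=value, comment or blank line
        esac
        name="${line#"["}"; name="${name%"]"}"
        case "$name" in X-*) continue ;; esac   # vendor extension sections
        lower=$(printf %s "$name" | tr '[:upper:]' '[:lower:]')
        hint=""
        for known in $KNOWN_SECTIONS; do
            [ "$name" = "$known" ] && continue 2   # exact match: header is fine
            if [ "$lower" = "$(printf %s "$known" | tr '[:upper:]' '[:lower:]')" ]; then
                hint=" (did you mean [$known]?)"
            fi
        done
        printf '%s:%d: unrecognised section [%s]%s\n' "$file" "$lineno" "$name" "$hint"
        bad=1
    done < "$file"
    return "$bad"
}

# Constructed sample input: the override as posted, and the corrected form.
tmp=$(mktemp -d)
printf '[service]\nUMask=0002\n' > "$tmp/broken.conf"
printf '[Service]\nUMask=0002\n' > "$tmp/fixed.conf"
lint_dropin "$tmp/broken.conf" || echo "broken.conf: header needs fixing"
lint_dropin "$tmp/fixed.conf" && echo "fixed.conf: ok"
rm -rf "$tmp"
```

After correcting the header, run `systemctl daemon-reload`, restart the service, and repeat the `systemctl show apache2.service | grep -i umask` check from the first post.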

  • From Šarūnas Burdulis@21:1/5 to All on Wed May 28 17:40:01 2025
    On 5/28/25 10:34 AM, Chris Green wrote:
    > [...]
    > ... and I have set UMask in the systemd apache2.service:-
    >
    >      chris$ more /etc/systemd/system/apache2.service.d/override.conf
    >      [service]
    >      UMask=0002

    It may be necessary to reset UMask first, i.e.:

    [Service]
    UMask=
    UMask=0002

    --
    Šarūnas Burdulis
    Dartmouth Mathematics
    math.dartmouth.edu/~sarunas

  • From Chris Green@21:1/5 to Greg Wooledge on Wed May 28 20:50:01 2025
    Greg Wooledge wrote:
    > On Wed, May 28, 2025 at 15:34:39 +0100, Chris Green wrote:
    > > ... and I have set UMask in the systemd apache2.service:-
    > >
    > > chris$ more /etc/systemd/system/apache2.service.d/override.conf
    > > [service]
    > > UMask=0002
    >
    > Shouldn't that square-bracket header be capitalized? [Service]
    > instead of [service], from what I see in the man pages and other
    > units.

    Yes, I think that is/was the problem though I'm surprised that systemd
    didn't complain.

    As it turns out I don't actually need to run apache2 with umask set to
    0002 as the web application where I wanted group write permission sets
    its own file and directory permissions from the PHP code - and there's
    a configuration setting to change it to what I need.

    --
    Chris Green
    ·
