> On 7/13/20 6:40 PM, Emmett Culley via CentOS wrote:
>> I need to set the umask for apache to 002. I've tried every idea I've
>> found on the internet, but nothing make a difference. Most suggest that
>> I put "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make
>> a difference. Other's suggest adding something to the httpd.service
>> script for systemd. And that doesn't make any difference.
>
> I had a couple sideline emails with Emmett about suexec possibly being the
> culprit. TL;DR: that's not it.
>
> The apache suexec utility can enforce a umask (typically 022) on CGI and
> SSI (server-side includes). Taking a look at the source in
> support/suexec.c, if compiled with AP_SUEXEC_UMASK set to some value, it
> will set the umask; else there is no umask change. AP_SUEXEC_UMASK is set
> via ./configure with --with-suexec-umask.
>
> In CentOS 8 httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.src.rpm the
> httpd.spec for ./configure with suexec-related configuration flags are
> notably absent of --with-suexec-umask. I also did a prep of the sources
> and no patches modify the suexec sources in this way.
I may have missed something but it seems to work in my test:
# grep -i umask /proc//status
Umask: 0022
# cat /etc/systemd/system/httpd.service.d/override.conf
[Service]
UMask=0002
# systemctl edit httpd.service
< enter override config >
# grep -i umask /proc//status
Umask: 0002
That's what you are looking for, isn't it?
I didn't test to write files but at least the umask on the process is set
as it seems.
Regards,
Simon
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
