Hi Igor This is my actual configuration, I'm using as Wrapper de php-cgi.
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
FcgidWrapper /usr/bin/php-cgi .fcgi
FcgidIPCDir /opt/itsat/var/run/fastcgi/fcgidsock
DefaultInitEnv PHPRC "/opt/itsat/etc/"
FcgidConnectTimeout 100
FcgidMaxRequestsPerProcess 1000
IPCConnectTimeout 100
FcgidMaxProcesses 10
FcgidMaxRequestLen 1572864000
</IfModule>
If tested to change php-cgi by php-cgi-wrapper and I've created an script
who makes umaks before exec php-cgi but didn't work.
I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to
/tmp before process "/usr/bin/php-cgi " have been spawned, is because of
that your suggested bypass doesn't work.
Why mod_fcgid is changing umask ? A bug maybe ?
Thanks a lot!!
.
2012/12/11 Igor Cicimov <[email protected]>
>
> On 11/12/2012 11:05 PM, "Toni Moreno" <[email protected]> wrote:
> >
> > Hi Igor!! Thanks a lot for your answer, but I think is not the correct
> one, becaouse as I said before user "itsat" is already running with correct
> umask, and apache is running with this umask. The same apache instance is
> running mod_php and mod_fcgid. When files are created from mod_php
> default permissions (644) are different from those created from
> mod_fcgid ( 600).
> >
> > Why mod_fcgid changes umaks ?
> >
> >
> > PERMISSIONS MOD_PHP+APACHE = (644)
> >
> > [ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr
> > total 112
> > -rw-r--r-- 1 itsat itsatadm 407 Dec 11 12:54 itsat.log
> > -rw-r--r-- 1 itsat itsatadm 2668 Dec 11 12:54 itsat-web.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsm.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsim.log
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-remote.log
> >
> > PERMISSIONS MOD_FCGID + APACHE ( 600 )
> >
> > itsat@test:/tmp$ ls -ltr
> > total 252
> > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa <-
> CREATED ON UPLOAD FILE with mod_fcgid
> > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> >
> >
> Then use wrapper script to set umask for fcgid. See FcgidWrapper for
> details.
>
> >
> > 2012/12/11 Igor Cicimov <[email protected]>
> >>
> >>
> >> On 11/12/2012 10:42 PM, "Igor Cicimov" <[email protected]> wrote:
> >> >
> >> >
> >> > On 11/12/2012 9:33 PM, "Toni Moreno" <[email protected]> wrote:
> >> > >
> >> > > Hi to all ,and sorry form my poor English.
> >> > >
> >> > > I have a problem when trying upload files and handle it with
> mod_fcgid.
> >> > >
> >> > > The fact is I'm running apache 2.2.16 on debian and runing it as
> user "itsat" which have "0022" umask. ( user "itsat" creates files in 644
> >> > >
> >> >
> >> > Put umask 022 in the /etc/apache2/envvars file.
> >> >
> >> Or call umask from your cgi script if you like better. Or chmod the
> file from the cgi script after uploading as another option. In these cases
> the change will not be global in apache.
> >>
> >> > > itsat@test:/tmp$ touch foo
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD
> >> > > drwx------ 2 root root 100 dic 11 08:51 vmware-root
> >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo
> >> > >
> >> > > But when doing an "upload" ( from any browser) the mod_fcgid
> creates a tmp file with 600 permissions !! ( an lots of problems after
> because I can not read it from a CGI program who expects 644 permissions.
> >> > >
> >> > >
> >> > > itsat@test:/tmp$ ls -ltr
> >> > > total 252
> >> > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD
> >> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa
> >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo
> >> > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root
> >> > >
> >> > >
> >> > > Can anybody help me to change this behavior on apache/mod_fcgid ?
> >> > >
> >> > > Thanks!!!
> >> > >
> >> > > --
> >> > >
> >> > > Att
> >> > >
> >> > > Toni Moreno
> >> > >
> >> > > 699706656
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >> > >
> >> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >> > >
> >> > >
> >> > >
> >> > > Benjamin Franklin
> >> > >
> >> > >
> >
> >
> >
> >
> > --
> >
> > Att
> >
> > Toni Moreno
> >
> > 699706656
> >
> >
> >
> >
> > Si no quieres perderte en el olvido tan pronto como estés muerto y
> corrompido,
> >
> > escribe cosas dignas de leerse, o haz cosas dignas de escribirse.
> >
> >
> >
> > Benjamin Franklin
> >
> >
>
>
--
Att
Toni Moreno
699706656
*Si no quieres perderte en el olvido tan pronto como estés muerto y
corrompido, *
*escribe cosas dignas de leerse, o haz cosas dignas de escribirse.*
*Benjamin Franklin*
