From Boldcore's wiki
Jump to: navigation, search
 
(19 intermediate revisions by the same user not shown)
Line 8: Line 8:
  
 
== Solution ==
 
== Solution ==
1. Create special user for web content management (for example admin)<br>
+
* Create special user for web content management (for example admin)<br>
2. Change his umask<br>
+
* Change his umask<br>
 
+
 
<pre>
 
<pre>
 
echo "umask 002" >> /home/admin/.bashrc
 
echo "umask 002" >> /home/admin/.bashrc
 
echo "umask 002" >> /home/admin/.bash_profile
 
echo "umask 002" >> /home/admin/.bash_profile
 
</pre>
 
</pre>
 
 
<i>Here comes systemd part :))</i><br>
 
<i>Here comes systemd part :))</i><br>
  
3. vim /usr/lib/systemd/system/httpd.service  
+
* vim /usr/lib/systemd/system/httpd.service  
4. Paste <pre>UMask=0002</pre> in to <pre>[Service]</pre> section<br>
+
* Paste UMask=0002 in to [Service] section<br>
5. <ESC>, : , write <ENTER> , quit <ENTER> <br> :))
+
* <ESC>, : , write <ENTER> , quit <ENTER> :))<br>
5. systemctl daemon-reload
+
* systemctl daemon-reload
6. systemctl restart httpd.service
+
* systemctl restart httpd.service
7. Test !
+
* Test !
 +
<pre>
 +
[Unit]
 +
...
 +
[Service]
 +
UMask=0002
 +
...
 +
[Install]
 +
...
 +
</pre>
  
 
== Test of solution ==
 
== Test of solution ==
1. Create php file
+
* Create php file<br>
<pre>
+
<pre>
 
<?php
 
<?php
 
   $file = fopen("testfile.text", "w") or die("ERROR !");
 
   $file = fopen("testfile.text", "w") or die("ERROR !");
Line 36: Line 43:
 
?><br>
 
?><br>
 
</pre>
 
</pre>
2. Check if privileges of testfile.text are correct<br>
+
*2. Check if privileges of testfile.text are correct<br>
 
<pre>-rw-rw-r--  1 apache  apache    23 Mar  8 08:41 testfile.text</pre>
 
<pre>-rw-rw-r--  1 apache  apache    23 Mar  8 08:41 testfile.text</pre>
 +
<br><br>

Latest revision as of 03:55, 8 March 2017

Change umask (privileges) for files modified by Apache

Intro

By default, umask is set to 022, which means 755 for folders and 644 for non-executable files.
In this case, only owner can change the contents of the file.

So let's imagine, that You've uploaded some stuff. By default, only You will be able to change the content, and apache will be shooting error messages.

Solution

  • Create special user for web content management (for example admin)
  • Change his umask
echo "umask 002" >> /home/admin/.bashrc
echo "umask 002" >> /home/admin/.bash_profile

Here comes systemd part :))

  • vim /usr/lib/systemd/system/httpd.service
  • Paste UMask=0002 in to [Service] section
  • <ESC>, : , write <ENTER> , quit <ENTER> :))
  • systemctl daemon-reload
  • systemctl restart httpd.service
  • Test !
[Unit]
 ...
[Service]
UMask=0002
 ...
[Install]
 ...

Test of solution

  • Create php file
<?php
  $file = fopen("testfile.text", "w") or die("ERROR !");
  $text = "Check privileges now !\n";
  fwrite($file, $text);
  fclose($file);
  sleep(1); // Simple DDoS protection
?><br>
  • 2. Check if privileges of testfile.text are correct
-rw-rw-r--  1 apache  apache    23 Mar  8 08:41 testfile.text