I'd really appreciate any help in tracking down and diagnosing an umask issue on Ubuntu:
I'm running php5-fpm
with Apache via proxy_fcgi
. The process is running with a umask of 0022 (confirmed by having PHP send the results of umask()
into a file [the result is '18' == 0022]). I'd like to change this to 0002, but can't track down where the umask is coming from.
Apache is set with umask 0002, and as a test, if I disable proxy_fcgi
and run my test above, I get a file with u+g having rw access (and the file contents confirm the umask as '2' == 0002).
If I sudo -iu fpmuser
and run umask
the results are 0002.
System info:
- PHP: 5.5.3-1ubuntu2.1
- Apache: 2.4.6
- Ubuntu: 13.10
- PHP-PFM is listing using TCP ports (as Unix ports aren't yet working/support)
So far I've tried the following (each followed by a system restart and a retest):
- adding
umask 0002
to the start of/etc/init.d/php5-fpm
- adding
--umask 0002
into thestart-stop-daemon
calls in/etc/init.d/php5-fpm
- adding
umask 0002
to.profile
in the home of thefpm
user
Something is clearly adjusting the umask of the php-fpm process - so, how can I begin tracing what is forcing the umask 0022 onto the php-fpm process?
EDIT (1):
- adjusting the system wide umask via
/etc/login.defs
(see How to set system wide umask?) affects the umask elsewhere (e.g. comannds viasudo
now have a umask of 0002), but still php-fpm creates files with a umask of 0022. Note that I verified thatsession optional pam_umask.so
was also present in/etc/pam.d/common-session-noninteractive
and I tested umasks of 002 and 0002.
EDIT (2):
- I have been able to replicate the issue using
nginx
andphp5-fpm
(using unix sockets set to listen mode '0666'). - I would love to trace where the umask is coming from but I'd settle for some way to force it to what I want.
- I should add that the first test was done on an Amazon Ubuntu 13.10 image. My tests in 'edit 2' where completed using a copy of the Ubuntu13.10 server ISO setup from scratch in a virtual machine. All installations were completed via apt-get rather than by downloading the source and building.
EDIT (3):
I have confirmed I can manipulate the umask manually by either of the following (verified by checking the permissions on the test file created):
a. In a shell, set a umask then run
/usr/sbin/php-fpm
from the shellb. In a shell, run the following with whatever umask value I like:
start-stop-daemon --start --quiet --umask 0002 --pidfile /var/run/php5-fpm.pid --exec /usr/sbin/php5-fpm -- --daemonize --fpm-config /etc/php5/fpm/php-fpm.conf
However this exact same command in the
/etc/init.d/php5-fpm
file fails to adjust the umask when runningsudo service php5-fpm stop; sudo service php5-fpm start
or at reboot.