[英]How to trace where php5-fpm umask settings are coming from on ubuntu
I'd really appreciate any help in tracking down and diagnosing an umask issue on Ubuntu: 我真的很感激在Ubuntu上追踪和诊断umask问题的任何帮助:
I'm running php5-fpm
with Apache via proxy_fcgi
. 我通过proxy_fcgi
运行php5-fpm
和Apache。 The process is running with a umask of 0022 (confirmed by having PHP send the results of umask()
into a file [the result is '18' == 0022]). 该进程使用0022的umask运行(通过让PHP将umask()
的结果发送到文件[结果为'18'== 0022])来确认。 I'd like to change this to 0002, but can't track down where the umask is coming from. 我想将其更改为0002,但无法追踪umask的来源。
Apache is set with umask 0002, and as a test, if I disable proxy_fcgi
and run my test above, I get a file with u+g having rw access (and the file contents confirm the umask as '2' == 0002). 使用umask 0002设置Apache,作为测试,如果我禁用proxy_fcgi
并运行上面的测试,我会得到一个u + g具有rw访问权限的文件(文件内容确认umask为'2'== 0002)。
If I sudo -iu fpmuser
and run umask
the results are 0002. 如果我sudo -iu fpmuser
并运行umask
,结果是0002。
System info: 系统信息:
So far I've tried the following (each followed by a system restart and a retest): 到目前为止,我已经尝试了以下(每个系统重启和重新测试后):
umask 0002
to the start of /etc/init.d/php5-fpm
将umask 0002
添加到/etc/init.d/php5-fpm
的开头 --umask 0002
into the start-stop-daemon
calls in /etc/init.d/php5-fpm
将--umask 0002
添加到/etc/init.d/php5-fpm
的start-stop-daemon
调用中 umask 0002
to .profile
in the home of the fpm
user 将umask 0002
添加到fpm
用户家中的.profile
Something is clearly adjusting the umask of the php-fpm process - so, how can I begin tracing what is forcing the umask 0022 onto the php-fpm process? 有些东西显然正在调整php-fpm进程的umask - 所以,我怎样才能开始跟踪强制umask 0022进入php-fpm进程的内容?
EDIT (1): 编辑(1):
/etc/login.defs
(see How to set system wide umask? ) affects the umask elsewhere (eg comannds via sudo
now have a umask of 0002), but still php-fpm creates files with a umask of 0022. Note that I verified that session optional pam_umask.so
was also present in /etc/pam.d/common-session-noninteractive
and I tested umasks of 002 and 0002. 通过/etc/login.defs
调整系统范围的umask(请参阅如何设置系统范围的umask? )会影响其他地方的umask(例如,通过sudo
comannds现在有一个0002的umask),但是php-fpm仍会创建一个umask为的umask 0022.请注意,我验证了session optional pam_umask.so
也存在于/etc/pam.d/common-session-noninteractive
,我测试了002和0002的session optional pam_umask.so
。 EDIT (2): 编辑(2):
nginx
and php5-fpm
(using unix sockets set to listen mode '0666'). 我已经能够使用nginx
和php5-fpm
复制问题(使用unix套接字设置为监听模式'0666')。 EDIT (3): 编辑(3):
I have confirmed I can manipulate the umask manually by either of the following (verified by checking the permissions on the test file created): 我已经确认我可以通过以下任一方式手动操作umask(通过检查创建的测试文件的权限来验证):
a. 一个。 In a shell, set a umask then run /usr/sbin/php-fpm
from the shell 在shell中,设置一个umask然后从shell运行/usr/sbin/php-fpm
b. 湾 In a shell, run the following with whatever umask value I like: 在shell中,使用我喜欢的任何umask值运行以下命令:
start-stop-daemon --start --quiet --umask 0002 --pidfile /var/run/php5-fpm.pid --exec /usr/sbin/php5-fpm -- --daemonize --fpm-config /etc/php5/fpm/php-fpm.conf
However this exact same command in the /etc/init.d/php5-fpm
file fails to adjust the umask when running sudo service php5-fpm stop; sudo service php5-fpm start
但是/etc/init.d/php5-fpm
文件中的这个完全相同的命令在运行sudo service php5-fpm stop; sudo service php5-fpm start
时无法调整umask sudo service php5-fpm stop; sudo service php5-fpm start
sudo service php5-fpm stop; sudo service php5-fpm start
or at reboot. sudo service php5-fpm stop; sudo service php5-fpm start
或重启。
Not a solution for generically tracing where umask settings are coming from on ubuntu (the only way I've found so far is the good old hard work approach of replicating the issue, attempting to isolate it to a script or a function, then stepping back through each script/function that is called recursively) but a solution to the php5-fpm umask issue . 不是ubuntu上umask设置来源的一般跟踪解决方案(到目前为止我发现的唯一方法是复制问题,试图将其分离为脚本或函数,然后退回的好旧方法)通过递归调用的每个脚本/函数)但解决php5-fpm umask问题 。 I've found a lot of hits on google, stackoverflow, and elsewhere for the problem, but so far no solution. 我在google,stackoverflow和其他地方发现了很多关于这个问题的点击,但到目前为止还没有解决方案。 Hopefully this is useful for people. 希望这对人们有用。
Edit /etc/init/php-fpm.conf
to include the line umask 0002
(or whatever umask you wish). 编辑/etc/init/php-fpm.conf
以包含行umask 0002
(或任何你想要的umask)。 My version of the file now looks like this: 我的文件版本现在看起来像这样:
# php5-fpm - The PHP FastCGI Process Manager
description "The PHP FastCGI Process Manager"
author "Ondřej Surý <ondrej@debian.org>"
start on runlevel [2345]
stop on runlevel [016]
### my edit - change umask setting
umask 0002
pre-start exec /usr/lib/php5/php5-fpm-checkconf
respawn
exec /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf
Explanation 说明
Having traced through the service
command which launches php5-fpm
at startup, it runs some checks (line 118 on my copy) for /etc/init/${SERVICE}.conf
, along with verifying initctl
is present and can report it's version. 通过在启动时启动php5-fpm
的service
命令进行跟踪,它会对/etc/init/${SERVICE}.conf
运行一些检查(我的副本上的第118行),同时验证initctl
是否存在并且可以报告它的版本。 If these tests are passed then upstart
is used which in the case of php5-fpm
uses the /etc/init/php-fpm.conf
file. 如果传递了这些测试,则使用upstart
,在php5-fpm
的情况下使用/etc/init/php-fpm.conf
文件。
The ubuntu upstart site gives pretty clear instructions. ubuntu新贵网站提供了非常明确的指示。 In particular you can check out the upstart cookbook for the specifics you need. 特别是您可以查看新贵食谱 ,了解您需要的具体信息。
As best I can work out that means that therefore the 'service' command was never actually running the start-stop-daemon …
commands found in /etc/init.d/php5-fpm
which is why my previous edits were having no effect. 最好的我可以解决这意味着因此'service'命令从未实际运行在/etc/init.d/php5-fpm
中找到的start-stop-daemon …
命令,这就是为什么我以前的编辑没有效果。 Instead it passes off to upstart
(actually initctl
) when you use something like service php5-fpm start
, etc. 相反,当你使用像service php5-fpm start
等service php5-fpm start
时,它会转到upstart
(实际上是initctl
)。
If you use systemd, in the /etc/systemd/system
directory, create a new directory called php7.2-fpm.service.d
. 如果使用systemd,请在/etc/systemd/system
目录中创建一个名为php7.2-fpm.service.d
的新目录。 The name of this directory will vary depending on your distro and PHP version. 此目录的名称将根据您的发行版和PHP版本而有所不同。 Run systemctl list-units --type=service | grep --ignore-case php
运行systemctl list-units --type=service | grep --ignore-case php
systemctl list-units --type=service | grep --ignore-case php
to find out what to call it. systemctl list-units --type=service | grep --ignore-case php
找出它的systemctl list-units --type=service | grep --ignore-case php
。 Inside of this directory, place a file called umask.conf
with the contents: 在此目录内,放置一个名为umask.conf
的文件, umask.conf
包含以下内容:
# /etc/systemd/system/php7.2-fpm.service.d/umask.conf
[Service]
UMask=0002
For the changes to take effect, run: 要使更改生效,请运行:
systemctl daemon-reload && systemctl restart php7.2-fpm
The benefit of this solution is that your customizations are not lost when packages get updated. 此解决方案的好处是,在更新软件包时,您的自定义不会丢失。
Explanation of how this works from the systemd manual : 从systemd手册解释这是如何工作的:
Along with a unit file foo.service, a "drop-in" directory foo.service.d/ may exist. 与单元文件foo.service一起,可能存在“drop-in”目录foo.service.d /。 All files with the suffix ".conf" from this directory will be parsed after the file itself is parsed. 解析文件本身后,将解析此目录中带有后缀“.conf”的所有文件。 This is useful to alter or add configuration settings for a unit, without having to modify unit files. 这对于更改或添加单元的配置设置很有用,而无需修改单元文件。 Each drop-in file must have appropriate section headers. 每个插件文件都必须具有适当的节标题。 Note that for instantiated units, this logic will first look for the instance ".d/" subdirectory and read its ".conf" files, followed by the template ".d/" subdirectory and the ".conf" files there. 请注意,对于实例化的单元,此逻辑将首先查找实例“.d /”子目录并读取其“.conf”文件,然后是模板“.d /”子目录和那里的“.conf”文件。
In addition to /etc/systemd/system, the drop-in ".d" directories for system services can be placed in /usr/lib/systemd/system or /run/systemd/system directories. 除了/ etc / systemd / system之外,系统服务的drop-in“.d”目录可以放在/ usr / lib / systemd / system或/ run / systemd / system目录中。 Drop-in files in /etc take precedence over those in /run which in turn take precedence over those in /usr/lib. / etc中的drop-in文件优先于/ run中的文件,后者优先于/ usr / lib中的文件。 Drop-in files under any of these directories take precedence over unit files wherever located. 任何这些目录下的drop-in文件优先于位于任何位置的单元文件。 Multiple drop-in files with different names are applied in lexicographic order, regardless of which of the directories they reside in. 具有不同名称的多个插入文件以字典顺序应用,而不管它们驻留在哪个目录中。
better copy systemd script before editing php5-fpm.service or it will be overwritten on next update: 在编辑php5-fpm.service之前更好地复制systemd脚本,否则它将在下次更新时被覆盖:
cp /lib/systemd/system/php5-fpm.service /etc/systemd/system/
vi /etc/systemd/system/php5-fpm.service
Add: UMask=0002 in [Service] section.
systemctl daemon-reload
systemctl restart php5-fpm
Source: https://ispire.me/running-php-fpm-with-different-user-group-using-umask/ 来源: https : //ispire.me/running-php-fpm-with-different-user-group-using-umask/
okey, but this applies to all the pools. okey,但这适用于所有池。 Would be handy to be able to set it with something like 能用这样的东西设置它会很方便
env[umask] = 0002 (no chance for this to work) env [umask] = 0002(没有机会这样做)
been googling, but doesn't seem to be a way to do this on a per host basis. 谷歌搜索,但似乎不是一个方法来实现每个主机。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.