在systemd中设置php-fpm umask

Question

I have looked at several other answers and none of them are working. for example: How to set umask for php5-fpm on Debian?

here's the setup.

I have a cakePHP 2 app running with apache as a reverse proxy for php-fpm on RHEL 7.

I've created a site specific user, which we'll call siteuser.

The virtual host for this site will do a 'SuexecUserGroup for the siteuser user/group.

I've added the php-fpm user to the siteuser group.

There are specific directories in cakePHP 2 which must be writable. I've made these directories group writable and set the S bit so new files are created with the group intact.

In addition, I set the systemd UMask for php-fpm as follows:

/etc/systemd/system/php-fpm.service.d/override.conf

[Service]
UMask=113

After saving this file I do a systemctl daemon-reload && systemctl restart php-fpm.

however, the files are getting written as 777 rather than the 664 I would expect.

What am I missing?

Answer 1

Please add a 0 to your umask for the special permissions bit (ie sticky, setuid, setgid, etc.)

[Service]
UMask=0113

Update :

It seems like your changes are not being recognized at all ... I just noticed you are setting this in your override.conf file. In this case you need to make sure that override.conf is being included from the main config (IIRC: php5-fpm.service.conf in the same folder).

Also, have a look at this serverfault question that may contain further information for you.