Setting the umask of the Apache user

Solution 1:

For CentOS and other Red Hat distros, add the umask setting to /etc/sysconfig/httpd and restart apache.

[root ~]$ echo "umask 002" >> /etc/sysconfig/httpd
[root ~]$ service httpd restart

More info: Apache2 umask | MDLog:/sysadmin

For Debian and Ubuntu systems, you would similarly edit /etc/apache2/envvars.

Solution 2:

This was the first result in Google search results for "CentOS 7 apache umask", so I will share what I needed to do to get this work with CentOS 7.

With CentOS 7 the echo "umask 002" >> /etc/sysconfig/httpd -method did not work for me.

I did overwrite the systemd startup file by creating a folder /etc/systemd/system/httpd.service.d and there I created a file umask.conf with lines:

[Service]
UMask=0007

Booted and it worked for me.

Solution 3:

Apache inherits its umask from its parent process (i.e. the process starting Apache); this should typically be the /etc/init.d/ script. So put a umask command in that script.

Solution 4:

Adding a umask command to /etc/apache2/envvars does not seem like a good idea to me, not only because of the name of the file (mentioning variables only) but also based on this comment found in that file:

# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.

This suggests that /etc/apache2/envvars might be sourced by any script doing Apache-related tasks, and changing the umask of those (unknown beforehand) scripts is rather dangerous.

On the other hand, in case the idea of changing the umask of Apache targets relaxing the permissions of files created by mod_dav, you should consider that the DAV repository is considered private to Apache and letting other processes access those files may lead to various isses (including corruption).