Umask

Ubuntu 14.04 guide to umask

Posted on September 29, 2015 in Web Development

The problem

A common headache in web development for Linux novices is permissions and groups. Maybe by now you know that the www-data user owns Apache’s /var/www files and folders. Why is that important?

Ever had the need to compress your application’s files? Maybe you use Gulp or Grunt.

Regardless, we’ve all been met with this:


  sudo gulp --production

…and then nothing. You go to view your page and you’re staring at a blank screen.


We need superuser permission to run gulp, but we’ve left ourselves with a mess:


$ ls -lA
-rw-r--r--  1 root   root   1646 Sep 23 02:27 artisan
drwxrwsr-x  3 root   root   4096 Sep 23 02:27 bootstrap

So what do we do, time and time again?


$ sudo chown www-data:www-data fusiondesign.app/ -R
$ sudo chmod 775 fusiondesign.app/ -R

And everything is good with life again.


The solution

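Ubuntu and Debian come out of the box with pam_umask, which reads the UMASK setting in /etc/login.defs. Setting the umask to 0002 tells your computer to only worry about the world: write permission is removed for others only, so new files are created 664 and new directories 775, and the group keeps write access. The umask controls permission bits only; the owner and group of a new file are still determined by whoever creates it.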


    UMASK 0002

umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It also may refer to a function that sets the mask.
— Wikipedia https://en.wikipedia.org/wiki/Umask


So how about when we use sudo?


    sudo visudo

Use the above command to edit the sudoers file. Then add the following line to the bottom of the file:


    Defaults:USERNAME_HERE umask=0002

* Make sure to reboot or relog after this.

And finally, let’s make sure Apache plays nice.


    sudo vim /etc/apache2/envvars

You’ll want to open up /etc/apache2/envvars with your favorite text editor and add the following line, or change the existing umask line to:


    umask 0002


    sudo service apache2 restart


Recap & Cleanup

We updated the umask for our user, the Apache user, and sudo. This will leave your files untouched when working in /var/www and throughout your system.
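As an added example (not part of the original post), these shell functions show what the umask values discussed here do to newly created files and directories, and what they leave alone: the owner and group, and the mode of files that already exist. It assumes GNU stat and mktemp, as on Ubuntu; the function names and temp paths are made up for the illustration.

```sh
#!/bin/sh
# Added example: what a umask changes, and what it does not.
# Assumes GNU stat (-c) and mktemp, as shipped on Ubuntu. Function names are
# made up for this illustration; all files live in throwaway temp dirs.

# Print "<file mode> <dir mode> <uid>:<gid>" for items created under umask $1.
modes_under_umask() {
    (   # subshell: the caller's own umask is left alone
        umask "$1" || exit 1
        d=$(mktemp -d) || exit 1
        touch "$d/file"    # touch asks for 0666; the umask bits are cleared
        mkdir "$d/dir"     # mkdir asks for 0777; the umask bits are cleared
        printf '%s %s %s\n' "$(stat -c %a "$d/file")" \
            "$(stat -c %a "$d/dir")" "$(stat -c %u:%g "$d/file")"
        rm -rf "$d"
    )
}

# Create a file under umask $1, switch to umask $2, and print the file's mode.
# The mode does not move: a umask applies at creation time only.
existing_file_mode_after() {
    (
        umask "$1" || exit 1
        d=$(mktemp -d) || exit 1
        touch "$d/file"
        umask "$2"
        stat -c %a "$d/file"
        rm -rf "$d"
    )
}

for mask in 0022 0002; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done
echo "created under 0022, umask now 0002 -> $(existing_file_mode_after 0022 0002)"
```

Files that were already created as root keep their owner and mode after the umask change, so the one-time chown and chmod shown earlier still applies to them.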

In our next post we’ll be discussing permissions and the default www-data group.
