Ubuntu 14.04 guide to umask

Posted on September 29, 2015 in Web Development

The problem

A common headache in web development for Linux novices is permissions and groups. Maybe by now you know that the www-data user owns Apache’s /var/www files and folders. Why is that important? 

Ever had the need to compress your application’s files? Maybe you use Gulp or Grunt.


Regardless, we’ve all been met with this:

  sudo gulp --production

…and then nothing. You go to view your page and you’re staring at a blank screen.

We need superuser permission to run gulp, but we’ve left ourselves with a mess:

$ ls -lA
-rw-r--r--  1 root   root   1646 Sep 23 02:27 artisan
drwxrwsr-x  3 root   root   4096 Sep 23 02:27 bootstrap


So what do we do, time and time again?

$ sudo chown -R www-data:www-data .
$ sudo chmod -R 775 .

and everything is good with life again.


The solution

Ubuntu and Debian come out of the box with pam_umask. PAM picks up a UMASK setting from /etc/login.defs. Setting umask to 0002 tells your computer to only worry about the world: on newly created files only the write bit for "other" is masked off, so group permissions stay intact and you can stop changing group membership and ownership afterwards.

    UMASK 0002

umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It also may refer to a function that sets the mask.
— Wikipedia
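
To see what the UMASK 0002 setting above changes compared with the stock 0022, the following added example (not part of the original post) creates a file and a directory under each mask and reports the resulting mode. The function names and the scratch directory are constructed for the demo, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: show which mode bits a umask leaves on newly created
# files and directories. Names below are constructed for this demo.

# mode_under_umask MASK KIND -> prints the octal mode of a fresh file or dir
mode_under_umask() {
    mask=$1
    kind=$2
    (
        scratch=$(mktemp -d) || exit 1      # private scratch dir, removed on exit
        trap 'rm -rf "$scratch"' EXIT
        umask "$mask"                       # only affects this subshell
        if [ "$kind" = dir ]; then
            mkdir "$scratch/new"            # dirs start from 777 before masking
        else
            : > "$scratch/new"              # files start from 666 before masking
        fi
        stat -c '%a' "$scratch/new"         # GNU stat: octal permission bits
    )
}

# group_writable MODE -> succeeds if the group write bit (020) is set
group_writable() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

# Compare the distribution default (0022) with the value used in this guide (0002).
for mask in 0022 0002; do
    for kind in file dir; do
        mode=$(mode_under_umask "$mask" "$kind")
        if group_writable "$mode"; then
            note="group can write"
        else
            note="group is read-only"
        fi
        printf 'umask %s  %-4s -> %s  (%s)\n' "$mask" "$kind" "$mode" "$note"
    done
done
```

A umask only clears permission bits on creation; it never changes the owner or group of a file. With 0002, every member of a file's group can modify it, so keep an eye on who belongs to that group.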

So how about when we use sudo?

    sudo visudo

Use the above command to edit the sudoers file. Then add the following line to the bottom of the file:

    Defaults:USERNAME_HERE umask=0002

* Make sure to reboot or relog after this.

And finally, let’s make sure Apache plays nice.

    sudo vim /etc/apache2/envvars

You’ll want to open up /etc/apache2/envvars with your favorite text editor and add the following line (or change the existing one to match):

    umask 0002

    sudo service apache2 restart

Recap & Cleanup

We updated the umask for our user, the Apache user, and our sudoer. This will leave your files untouched when working in /var/www and throughout your system.

In our next post we’ll be discussing permissions and the default www-data group.
