The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing default umask value for CentOS

Discussion in 'Security' started by Spork Schivago, Jul 30, 2016.

  1. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Hello,

    I thought perhaps because this involves file permissions, the security section was the best place for this question. If you feel this is in the wrong forum, please let me know.

    Recently, I've upgraded from v56 to v58 and from EasyApache 3 to EasyApache 4. I've had some issues. Some of the issues were with file permissions and ownership / group owner. After opening a support ticket and having the problems fixed, a support technician said this:

    Code:
    ...I can tell you that the cpanel maintenance script does utilize the umask setting every time it runs, so changing the umask would have changed the source of information that the cpanel update script uses as a source of its default permissions information. 
    
    I don't know why I missed that part when I first read it but when I was going through old tickets, I noticed it and now this has me concerned. My question is what negative effects, if any, would having a custom umask value be?

    The default umask value for non-root users was 002 I believe. I changed this to 027. The default umask value for root was 022 I believe. I changed this to 077.

    I had another problem with permissions and asked the tech if my non-default umask values were the cause and they felt that having the umask values changed to my settings wouldn't effect cPanel in any negative ways.

    So, will it? Personally, I feel if a cPanel script requires certain permissions, that cPanel script should be setting them and not assuming there's a default umask value set. I think this could prevent a lot of issues for people.

    At this point, I'm wondering if I should change the umask values back or not. It's just a lot easier to set a custom umask value then run chmod everytime I create a file or directory. Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I suggest using the default umask values, and addressing the issue that requires you to manually adjust the permissions on new files or directories. For instance, which PHP handler are you using, and for what purpose in-particular do you change the permission values?

    Thank you.
     
  3. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    294
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Thank you for the response. Currently, I'm using suPHP. I plan on adding a lot of users to my system and sometimes I do stuff with root. It's a pain to always remember to make whatever files I create with root not world readable. To me, it's much easier just changing the umask value. After all, isn't that essentially what the umask value is for? I'd think if we're not supposed to change the umask value because they mess up cPanel, then maybe the cPanel scripts should be rewritten to set the umask value before creating files / directories. To me, that way makes a lot more sense.

    I'll change it back to the default values. Would it cause problems if I set the umask value in a .bashrc or a .bashprofile file so it only gets loaded when I login in use sudo / su?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's generally advised to upload/edit/copy files for an account while logged in as that account username. That said, should you choose to modify the default umask values in your bash profile, ensure you note the suPHP permission/ownership requirements listed at:

    Apache PHP Request Handling - EasyApache - cPanel Documentation

    Thank you.
     
    Spork Schivago likes this.
Loading...

Share This Page