10 thoughts on - Set Default Permission To Deployuser:deployuser For Nfs Common Mount Point /mnt/test

• Wouldn’t it be easiest to run the PHP code as user deployuser?

  Otherwise you may have to fiddle with setuid/setgid flags on the directories in /mnt/test.

  Regards, Simon

• Easiest (and possibly the only) way is to set GID bit on /mnt/test – chmod g+swx /mnt/test

  Then configure systemd to set the umask for apache and php-fpm.

  Create a file named umask.conf and add this to it:

  [Service]
  UMask2

  Then copy that file to:

  /etc/systemd/system/httpd.service.d/umask.conf
  /etc/systemd/system/php-fpm.service.d/umask.conf

  You may have to create the two .service.d directories.

  Then run “systemctl daemon-reload” and restart apache and php-fpm.

  I use the Remi repo to allow using different PHP versions and so also added that file to:

  /etc/systemd/system/php74-php-fpm.service.d/umask.conf
  /etc/systemd/system/php80-php-fpm.service.d/umask.conf

  Emmett

• Thanks Emmett for the suggestion. I will keep you posted once it is done. Thanks in advance.

• Hi Emmett,

  I have a follow up question regarding permissions. I am running a php application hosted on the nginx version: nginx/1.22.0
  using php74-fpm-7.4.32-1.el7.ius.x86_64 running on CentOS Linux release
  7.9.2009 (Core)I have this folder
  /var/www/html/gsmaidp/web/sites/default/files folder which is owned by deployuser.

  *drwrwsrwx 25 deployuser deployuser 4096 Nov 9 08:23 files*

  #id deployuser uid01(deployuser) gid02(deployuser)
  groups02(deployuser),995(nginx),994(php-fpm)

  ps aux | grep php root 27692 0.0 0.0 473296 14648 ? Ss 09:23 0:00 php-fpm:
  master process (/etc/php-fpm.conf)
  nginx 27693 0.0 0.1 475476 17980 ? S 09:23 0:00 php-fpm:
  pool www nginx 27694 0.0 0.1 475476 16440 ? S 09:23 0:00 php-fpm:
  pool www nginx 27695 0.0 0.1 475476 16412 ? S 09:23 0:00 php-fpm:
  pool www nginx 27696 0.0 0.1 475476 16420 ? S 09:23 0:00 php-fpm:
  pool www nginx 27697 0.0 0.1 475492 16428 ? S 09:23 0:00 php-fpm:
  pool www

  ps aux | grep nginx root 3392 0.0 0.0 51264 1368 ? Ss Oct21 0:00 nginx:
  master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 3393 0.0 0.0 52356 4380 ? S Oct21 0:51 nginx:
  worker process nginx 3394 0.0 0.0 52396 4648 ? S Oct21 1:45 nginx:
  worker process nginx 3395 0.0 0.0 52488 4648 ? S Oct21 5:38 nginx:
  worker process nginx 3396 0.0 0.0 52500 4652 ? S Oct21 8:32 nginx:
  worker process nginx 27693 0.0 0.1 475476 17980 ? S 09:23 0:00 php-fpm:
  pool www nginx 27694 0.0 0.1 475476 16440 ? S 09:23 0:00 php-fpm:
  pool www nginx 27695 0.0 0.1 475476 16412 ? S 09:23 0:00 php-fpm:
  pool www nginx 27696 0.0 0.1 475476 16420 ? S 09:23 0:00 php-fpm:
  pool www nginx 27697 0.0 0.1 475492 16428 ? S 09:23 0:00 php-fpm:
  pool www

  Whenever any new files like images or pdf files or new subfolders created inside /var/www/html/gsmaidp/web/sites/default/files folder by the php application the files or subfolders have user and group ownership of nginx user.

  Is there a way to have ownership of all new files and subfolders to deployuser created under /var/www/html/gsmaidp/web/sites/default/files. I
  set SETGID (SET Group ID) flag of chmod as per below but the file is still owned by nginx user.

  #cd /var/www/html/gsmaidp/web/sites/default/
  #chmod g+s files

  I also tried the ACL method but the new files and subfolders are still owned by nginx user.

  #setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
  #setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files

  #ls -l image15.png
  -rw-rw-r–+ 1 nginx nginx 387071 Nov 9 08:27 image15.png

  Do i need to run any add cron entry to have consistent ownership of deployuser for all files and subfolders created under
  /var/www/html/gsmaidp/web/sites/default/files
  * * * * * root chown -R deployuser.deployuser
  /var/www/html/gsmaidp/web/sites/default/files

  Am I missing anything above? Please guide me. Thanks in advance.

  Best Regards,

  Kaushal

• also do chmod 2775 files then, create a file in files/ as user nginx, it should then be owned by nginx:deployuser

  I think you can not set owner this way, only the group.

  I guess fiddling with ACLs just makes it more complicated :)

  Regards, Simon

• Thanks Simon for the email response. Is there a way to have consistent deployuser (user and group ownership) on new files and subfolders created inside files directory?

  cd /var/www/html/gsmaidp/web/sites/default/files/

  #ls -l image15.png
  -rw-rw-r–+ 1 nginx deployuser 387071 Nov 9 08:27 image15.png

  to

  #ls -l image15.png
  -rw-rw-r–+ 1 deployuser deployuser 387071 Nov 9 08:27 image15.png

  Apologies for bugging. Please suggest further. Thanks in advance

  Best Regards,

  Kaushal

• That’s the expected behaviour.

  I’m not aware of any way to do that. I thought a newly created file always has the ownership of the creating user. Maybe it’s possible somehow but I
  don’t know it.

• Am 09.11.22 um 10:41 schrieb Kaushal Shriyan:

  Try:

  setfacl -R -m g:deployuser:rwX,d:g:deployuser:rwX,u:nginx:rwX,d:u:nginx:rwX /data/

• Am 09.11.22 um 10:56 schrieb Simon Matter:

  and use

  getfacl

  instead

  ls -l

• It is not clear to me what you are asking, however I can tell you that when the GID bit is set on a directory, every new directory created in that directory will be set to the GID of that directory. So if nginx is the group assigned to a directory, then every new directory under that directory will be assigned to the nginx group.

  Setting the umask to 002 will cause group write permissions for any file or directory created, instead of only user write as the default umask of 022 would cause.

  Emmett