How to get Apache to write files as group writable?

[Paul Howarth]

Jay Paulson wrote:
>> Jay Paulson wrote:
>>
>>> Yet another file permissions question! :)
>>> I have my file permissions set up so that each local user who is in 
>>> the same group when they create a file it becomes group writable.  
>>> However, even after I add apache into the same group that the local 
>>> users are in (in this case the www group) and upload a file through a 
>>> browser it doesn't make the file group writable.  How do I configure 
>>> FC3 to make apache write files to the file system that are group 
>>> writable (664)?
>>
>>
>> Try adding a line:
>>
>> umask 002
>>
>> to /etc/sysconfig/httpd and then restart httpd
>>
>> Paul.
> 
> 
> I also found that in the /etc/httpd/conf/httpd.conf file you can change 
> the group apache runs as from apache to www (or whatever group you 
> want).  Then start up /etc/init.d/httpd as root for it to take effect 
> (at least that what it says in the httpd.conf file).
> 
> My question now is which is the better way?
> 
> I'll have to try both ways. :)

The two things are completely different.

Changing the group in /etc/httpd/conf/httpd.conf just changes group that 
apache runs as. It will not affect the permission bits of files created 
by the web server in any way, only the GID of those files (if you're 
using the SGID bit on a directory, the GID of newly-created files will 
be the same as the directory, otherwise, the GID of the running process).

Be careful about the UID/GID you run httpd as, and the 
UID/GID/permissions of the files on your system. Security-wise, the 
httpd should run with just enough permissions to be able to function 
correctly, i.e. it should not be able to write to most files, just read 
the files it's serving and write to files/directories that you want to 
be able to upload to.

Changing the umask to 002 will mean that newly-created files will have 
write permissions set for the UID and GID of the file.

Paul.