Hi Igor This is my actual configuration, I'm using as Wrapper de php-cgi. <IfModule mod_fcgid.c> AddHandler fcgid-script .fcgi FcgidWrapper /usr/bin/php-cgi .fcgi FcgidIPCDir /opt/itsat/var/run/fastcgi/fcgidsock DefaultInitEnv PHPRC "/opt/itsat/etc/" FcgidConnectTimeout 100 FcgidMaxRequestsPerProcess 1000 IPCConnectTimeout 100 FcgidMaxProcesses 10 FcgidMaxRequestLen 1572864000 </IfModule>
If tested to change php-cgi by php-cgi-wrapper and I've created an script who makes umaks before exec php-cgi but didn't work. I think mod_fcgid is doing UPLOAD (handling file transfer) by itself to /tmp before process "/usr/bin/php-cgi " have been spawned, is because of that your suggested bypass doesn't work. Why mod_fcgid is changing umask ? A bug maybe ? Thanks a lot!! . 2012/12/11 Igor Cicimov <icici...@gmail.com> > > On 11/12/2012 11:05 PM, "Toni Moreno" <toni.mor...@gmail.com> wrote: > > > > Hi Igor!! Thanks a lot for your answer, but I think is not the correct > one, becaouse as I said before user "itsat" is already running with correct > umask, and apache is running with this umask. The same apache instance is > running mod_php and mod_fcgid. When files are created from mod_php > default permissions (644) are different from those created from > mod_fcgid ( 600). > > > > Why mod_fcgid changes umaks ? > > > > > > PERMISSIONS MOD_PHP+APACHE = (644) > > > > [ITSAT][toni-itsatdev].root:/opt/itsat/var/log > ls -ltr > > total 112 > > -rw-r--r-- 1 itsat itsatadm 407 Dec 11 12:54 itsat.log > > -rw-r--r-- 1 itsat itsatadm 2668 Dec 11 12:54 itsat-web.log > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsm.log > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-tsim.log > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 12:54 itsat-remote.log > > > > PERMISSIONS MOD_FCGID + APACHE ( 600 ) > > > > itsat@test:/tmp$ ls -ltr > > total 252 > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa <- > CREATED ON UPLOAD FILE with mod_fcgid > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root > > > > > Then use wrapper script to set umask for fcgid. See FcgidWrapper for > details. > > > > > 2012/12/11 Igor Cicimov <icici...@gmail.com> > >> > >> > >> On 11/12/2012 10:42 PM, "Igor Cicimov" <icici...@gmail.com> wrote: > >> > > >> > > >> > On 11/12/2012 9:33 PM, "Toni Moreno" <toni.mor...@gmail.com> wrote: > >> > > > >> > > Hi to all ,and sorry form my poor English. > >> > > > >> > > I have a problem when trying upload files and handle it with > mod_fcgid. > >> > > > >> > > The fact is I'm running apache 2.2.16 on debian and runing it as > user "itsat" which have "0022" umask. ( user "itsat" creates files in 644 > >> > > > >> > > >> > Put umask 022 in the /etc/apache2/envvars file. > >> > > >> Or call umask from your cgi script if you like better. Or chmod the > file from the cgi script after uploading as another option. In these cases > the change will not be global in apache. > >> > >> > > itsat@test:/tmp$ touch foo > >> > > itsat@test:/tmp$ ls -ltr > >> > > total 252 > >> > > drwxrwxrwt 2 root root 40 dic 11 08:51 VMwareDnD > >> > > drwx------ 2 root root 100 dic 11 08:51 vmware-root > >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:02 foo > >> > > > >> > > But when doing an "upload" ( from any browser) the mod_fcgid > creates a tmp file with 600 permissions !! ( an lots of problems after > because I can not read it from a CGI program who expects 644 permissions. > >> > > > >> > > > >> > > itsat@test:/tmp$ ls -ltr > >> > > total 252 > >> > > drwxrwxrwt 2 root root 40 Dec 11 08:51 VMwareDnD > >> > > -rw------- 1 itsat itsatadm 245806 Dec 11 11:03 fcgid.tmp.PEozaa > >> > > -rw-r--r-- 1 itsat itsatadm 0 Dec 11 11:20 foo > >> > > drwx------ 2 root root 100 Dec 11 08:51 vmware-root > >> > > > >> > > > >> > > Can anybody help me to change this behavior on apache/mod_fcgid ? > >> > > > >> > > Thanks!!! > >> > > > >> > > -- > >> > > > >> > > Att > >> > > > >> > > Toni Moreno > >> > > > >> > > 699706656 > >> > > > >> > > > >> > > > >> > > > >> > > Si no quieres perderte en el olvido tan pronto como estés muerto y > corrompido, > >> > > > >> > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse. > >> > > > >> > > > >> > > > >> > > Benjamin Franklin > >> > > > >> > > > > > > > > > > > > -- > > > > Att > > > > Toni Moreno > > > > 699706656 > > > > > > > > > > Si no quieres perderte en el olvido tan pronto como estés muerto y > corrompido, > > > > escribe cosas dignas de leerse, o haz cosas dignas de escribirse. > > > > > > > > Benjamin Franklin > > > > > > -- Att Toni Moreno 699706656 *Si no quieres perderte en el olvido tan pronto como estés muerto y corrompido, * *escribe cosas dignas de leerse, o haz cosas dignas de escribirse.* *Benjamin Franklin*