I'm running php5-fpm
with nginx
connected via port (not socket). It's stock Debian Jessie with all packages installed via apt-get
.
I'm trying to change default umask for www-data user that php5-fpm
is using from 0022
to 0002
to allow group write permissions. I've tried:
- editing
/etc/init.d/php5-fpm
init script and adding --umask 0002
to the start-stop-daemon
call, but it was ignored;
- adding
umask 0002
to /var/www/.profile
as /var/www
is a home directory for www-data
user, but it didn't help (I'm not surprised).
- I'm not using
upstart
so this solution is not for me.
Also, no matter what I've tried, the command sudo -u www-data bash -c umask
always returns 0022
.
I was able to set the umask for php5-fpm
service by editing it's unit.service
file as suggested here and here. The complete and working solution for Debian 8 is this:
- Manually edit
/etc/systemd/system/multi-user.target.wants/php5-fpm.service
file and add UMask=0002
line inside [Service]
section.
- Run command
systemctl daemon-reload
- Run command
systemctl restart php5-fpm.service
Now the service file looks like this:
[Unit]
Description = The PHP FastCGI Process Manager
After = network.target
[Service]
Type = notify
PIDFile = /var/run/php5-fpm.pid
ExecStartPre = /usr/lib/php5/php5-fpm-checkconf
ExecStart = /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf
ExecReload = /bin/kill -USR2 $MAINPID
; Added to set umask for files created by PHP
UMask = 0002
[Install]
WantedBy = multi-user.target
Note that:
- You can not use
systemctl edit php5-fpm.service
command as edit
option was introduced in systemctl
version 218 but Debian 8 ships with version 215.
- Adding
*.conf
file as suggested in comments for this answer did not work for me, but maybe I messed up something (comments are welcome for this as editing unit file is not something that I feel comfortable with).