How to trace where php5-fpm umask settings are coming from on ubuntu

apache ubuntu php umask
danielmerriott picture danielmerriott · Jan 21, 2014 · Viewed 11.1k times · Source

I'd really appreciate any help in tracking down and diagnosing an umask issue on Ubuntu:

I'm running php5-fpm with Apache via proxy_fcgi. The process is running with a umask of 0022 (confirmed by having PHP send the results of umask() into a file [the result is '18' == 0022]). I'd like to change this to 0002, but can't track down where the umask is coming from.

Apache is set with umask 0002, and as a test, if I disable proxy_fcgi and run my test above, I get a file with u+g having rw access (and the file contents confirm the umask as '2' == 0002).

If I sudo -iu fpmuser and run umask the results are 0002.

System info:

  • PHP: 5.5.3-1ubuntu2.1
  • Apache: 2.4.6
  • Ubuntu: 13.10
  • PHP-PFM is listing using TCP ports (as Unix ports aren't yet working/support)

So far I've tried the following (each followed by a system restart and a retest):

  • adding umask 0002 to the start of /etc/init.d/php5-fpm
  • adding --umask 0002 into the start-stop-daemon calls in /etc/init.d/php5-fpm
  • adding umask 0002 to .profile in the home of the fpm user

Something is clearly adjusting the umask of the php-fpm process - so, how can I begin tracing what is forcing the umask 0022 onto the php-fpm process?

EDIT (1):

  • adjusting the system wide umask via /etc/login.defs (see How to set system wide umask?) affects the umask elsewhere (e.g. comannds via sudo now have a umask of 0002), but still php-fpm creates files with a umask of 0022. Note that I verified that session optional pam_umask.so was also present in /etc/pam.d/common-session-noninteractive and I tested umasks of 002 and 0002.

EDIT (2):

  • I have been able to replicate the issue using nginx and php5-fpm (using unix sockets set to listen mode '0666').
  • I would love to trace where the umask is coming from but I'd settle for some way to force it to what I want.
  • I should add that the first test was done on an Amazon Ubuntu 13.10 image. My tests in 'edit 2' where completed using a copy of the Ubuntu13.10 server ISO setup from scratch in a virtual machine. All installations were completed via apt-get rather than by downloading the source and building.

EDIT (3):

  • I have confirmed I can manipulate the umask manually by either of the following (verified by checking the permissions on the test file created):

    a. In a shell, set a umask then run /usr/sbin/php-fpm from the shell

    b. In a shell, run the following with whatever umask value I like:

     start-stop-daemon --start --quiet --umask 0002 --pidfile /var/run/php5-fpm.pid --exec /usr/sbin/php5-fpm -- --daemonize --fpm-config /etc/php5/fpm/php-fpm.conf

  • However this exact same command in the /etc/init.d/php5-fpm file fails to adjust the umask when running sudo service php5-fpm stop; sudo service php5-fpm start or at reboot.

Answer

danielmerriott picture danielmerriott · Jan 23, 2014

Not a solution for generically tracing where umask settings are coming from on ubuntu (the only way I've found so far is the good old hard work approach of replicating the issue, attempting to isolate it to a script or a function, then stepping back through each script/function that is called recursively) but a solution to the php5-fpm umask issue. I've found a lot of hits on google, stackoverflow, and elsewhere for the problem, but so far no solution. Hopefully this is useful for people.

Edit /etc/init/php-fpm.conf to include the line umask 0002 (or whatever umask you wish). My version of the file now looks like this:

# php5-fpm - The PHP FastCGI Process Manager

description "The PHP FastCGI Process Manager"
author "Ondřej Surý <[email protected]>"

start on runlevel [2345]
stop on runlevel [016]

### my edit - change umask setting
umask 0002

pre-start exec /usr/lib/php5/php5-fpm-checkconf

respawn
exec /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf

Explanation

Having traced through the service command which launches php5-fpm at startup, it runs some checks (line 118 on my copy) for /etc/init/${SERVICE}.conf, along with verifying initctl is present and can report it's version. If these tests are passed then upstart is used which in the case of php5-fpm uses the /etc/init/php-fpm.conf file.

The ubuntu upstart site gives pretty clear instructions. In particular you can check out the upstart cookbook for the specifics you need.

As best I can work out that means that therefore the 'service' command was never actually running the start-stop-daemon … commands found in /etc/init.d/php5-fpm which is why my previous edits were having no effect. Instead it passes off to upstart (actually initctl) when you use something like service php5-fpm start, etc.

Related questions

Getting a 500 Internal Server Error on Laravel 5+ Ubuntu 14.04

I have installed Laravel many times on Windows OS but it never occurred this type of problem. This 500 internal server usually occurs when your "mod_rewrite" module is not turned on. However, on Ubuntu 14.04 this problem is giving me a …

Read More
Completely removing phpMyAdmin

I installed virtualmin and phpmyadmin separately using the apt-get command. phpMyAdmin didn't work because of Virtualmin's security settings (suexec). When I visit mydomain.com/phpmyadmin, it would download the whole PHP page instead of execute it. I tried disabling suexec …

Read More
PHP Fatal error: Call to undefined function json_decode()

Apache is logging PHP Fatal error: Call to undefined function json_decode(). After some googling, it seems this problem is a result of not having the latest version of php. Oddly, running php --version ouputs PHP 5.5.1-2+debphp.org~precise+2 (…

Read More