0

I have the umask set up on my Apache2 server using umask 002. This is added to the end of /etc/apache2/envvars during the docker container build.

I have the following script to test:

// Create file
if ($fp = fopen(time() . '.txt', 'w')) {
    fwrite($fp, 'This is a simple test.');
    fclose($fp);
    echo "done";
} else {
    echo "error - cannot create file";
}

// Generate error
error_log("This be an error", 0);

This creates 2 files: error_log_dev (as set in my php.ini) and 1520215096.txt. The permissions for each of these files are as follows:

-rw-rw-r--  1 www-data www-data   22 Mar  5 11:58 1520215096.txt
-rw-r--r--  1 www-data www-data   55 Mar  5 11:58 error_log_dev

Why would the error log not be abiding by the umask but fopen() does?

Wildcard27
  • 131
  • 6
  • Oh, I missed that bit. OK, I suspect you should read https://askubuntu.com/a/147065/75668 – Michael Hampton Mar 05 '18 at 04:16
  • @MichaelHampton Thanks Michael. What I take away from that is I need to run `service apache2 stop` and then `service apache2 start`. The problem is, that will kill the docker image. Any suggestions? – Wildcard27 Mar 05 '18 at 22:21
  • Debian builds of a lot of software do very strange things, and you've run into one of them. You'll likely need to set the umask in your own docker-entrypoint script. – Michael Hampton Mar 05 '18 at 23:30
  • @MichaelHampton You mean set the umask system-wide on init? – Wildcard27 Mar 07 '18 at 09:07
  • Are you not building a Docker container?! Your question states that you are. – Michael Hampton Mar 07 '18 at 16:35
  • Sorry @MichaelHampton, I wasn't specific. Do you mean that I should set the umask for the entire container? E.g. in the dockerfile: `RUN umask 0002`? – Wildcard27 Mar 08 '18 at 01:19
  • No, I meant what I said. If you aren't running a script, just exactly what are you running in the container? – Michael Hampton Mar 08 '18 at 01:20
  • The container is just a simple extension from `php:5.6-apache`. It runs a script called `apache2-forground`. You mean to put it in there? – Wildcard27 Mar 08 '18 at 01:22
  • 1
    If that's the script you call from CMD/ENTRYPOINT, then yes. – Michael Hampton Mar 08 '18 at 01:24
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/74182/discussion-between-wildcard27-and-michael-hampton). – Wildcard27 Mar 08 '18 at 03:35

0 Answers0