Trying to set umask for a virtual guest

gstlouis · November 17, 2025, 7:28pm

SYSTEM INFORMATION
OS type and version	debian 12
Webmin version	2.520
Virtualmin version	7.50.0 GPL
Webserver version	Apache/2.4.65 (Debian)
Related packages	SUGGESTED

I have apache2 with php FPM setup and guest have ownership

I’ve enabled webdav of some folders for a client. When connected and upload files and folders they get created.

So when I do mkdir() I have 2770 for the bit when creating folders, this way webdav running as apache will create files and folders under the owner group, and www-data as user.

My problem is I can’t get www-data user to create these folders as 770 so this way in my web app, the php user running as the owner can write/delete to the folder. It is witting permissions as drwxr-sr-x

When searching online I only get you must change the umask and I’ve tried all sort of strings in vim /etc/php/8.4/fpm/pool.d/thispool.conf and I just can’t get it working.

Does anyone have any experience on changing umask to have www-data chmod permissions to 770?

ID10T · November 18, 2025, 5:00pm

What are the permissions of the parent directory. I have some vague recollection that permissions have to be allowed above.

gstlouis · November 18, 2025, 5:57pm

excellent questions, AI pointed that out for me. However, it did not make a difference.
sorry I did not mention it.

my parent folder permissions are:
drwxrws—

ID10T · November 18, 2025, 6:01pm

Great. Now I’m officially as useless as AI.

gstlouis · November 18, 2025, 6:08pm

lol
trust me, AI sent me down some rabbit holes Tshooting this. I’ll have to revisit to ensure I had the correct conditions etc.

I wish I could get paid just trial and erroring stuff like this I’d probably document it better!

gstlouis · November 19, 2025, 7:35pm

ok so I got this working, finally. You have to edit/create an override for both apche2 and your fpm version ex. php8.4-fpm

vim /etc/systemd/system/apache2.service.d/override.conf
vim /etc/systemd/system/php8.4-fpm.service.d/override.conf

both files need

[Service]
UMask=0007

systemctl daemon-reload (itll tell you if you try restart apache2 first)
systemctl restart php8.4-fpm
systemctl restart apache2

In my php I can see umask is 7 using this to see that PHP’s umask is good

<?php echo decoct(umask()); ?>

To ensure apache2 is ok with the override you look for Drop-in in systemctl status apach2

    Drop-In: /etc/systemd/system/apache2.service.d
             └─override.conf

And you’re not done, as @ID10T mentioned, this is still subject to the parent, so ensure you create parent with gidbit php mkdir(location,02770) so that apache creates with inherited group w good permissions, and how virtualmin sets up www-data is that it adds the owners group to www-data.

This also does not seem to affect virtualmin when creating folders

system · November 27, 2025, 7:36pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.