Apache server exception caused by setting umask in rhl

Source: Internet
Author: User


On an rhl server in a production environment, following the suggestions of a third-party security company, the following setting was applied:

vi /etc/profile
vi /etc/csh.login
vi /etc/csh.cshrc
vi /etc/bashrc

umask 027 was added to each of the above files.

We know the role of umask: it sets the default initial permissions for directories and files created by system users. According to the working principle of umask, after this parameter is set, the default permission for a created directory or file is 777-027 = 750. Note that the last 0 is the permission setting for other. For security, it seems that there is no problem!

Unfortunately, the change had not been considered comprehensively, and a problem occurred on an apache server. The specific symptom was that customers reported they could not view uploaded images (apache file server). Another colleague had configured this parameter, but I did not know that. After logging on to the server and creating a few directories and files with mkdir and touch, I found no problems. The only difference was that the permissions of the new files were different from those of the existing ones: the permissions in the other column were missing. Only some files had the r permission for other.

The time taken to discover this problem was still relatively short (within 5 minutes, including the debate with the colleague who configured this parameter and the hands-on checks; it took a bit of insight, or else the impact would have been too big). I immediately asked my colleague to restore the above configuration files and then restart apache, after which files uploaded afterwards could be browsed normally. For files that had already been uploaded but could not be browsed, running chmod o+x *.jpg in batches fixed them as well.

Now, the cause is as follows:

0. The default permissions with which the system creates new directories and files were modified;

1. The apache run-as user is a separate nologin user (such as nobody or apache), and this is the key point. For security reasons, apache generally does not run under a normal system login account: although the root user is used to start apache, the processes that actually do the work run as the nologin user. Relative to the root user, that account is of course in the other class, so it has no r permission, and therefore the uploaded images cannot be browsed normally. As to why the images can still be uploaded, this is because the directory has the x permission.

-The End-
by gtlions
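The effect described above can be reproduced in a scratch directory. The following is an added example, not part of the original post: it creates a file and a directory under umask 022 and under umask 027, then lists what an account in the other class cannot serve. The directory layout, file names and function names are constructed for the demo, and GNU stat (`stat -c`) is assumed.

```shell
#!/bin/sh
# Added example: compare umask 022 with umask 027 and audit a document root.
# All paths and names below are constructed for the demo.

# Print the octal mode of a path (assumes GNU stat).
mode_of() { stat -c '%a' "$1"; }

# Create one directory and one empty file under umask $1 inside $2.
# The function body is a subshell, so the caller's umask is not changed.
create_with_umask() (
    umask "$1"
    mkdir "$2/dir_$1"
    : > "$2/file_$1.jpg"
)

# List what a process in the "other" class cannot serve:
# regular files without other-read (004), directories without other-execute (001).
audit_docroot() {
    find "$1" \( -type f ! -perm -004 \) -o \( -type d ! -perm -001 \) | sort
}

demo() {
    root=$(mktemp -d) || return 1
    chmod 755 "$root"              # mktemp creates 700; open it like a docroot
    create_with_umask 022 "$root"
    create_with_umask 027 "$root"
    for p in "$root"/*; do
        printf '%s %s\n' "$(mode_of "$p")" "${p##*/}"
    done
    echo "not servable by an account in the other class:"
    audit_docroot "$root"
    rm -rf "$root"
}

demo
```

Pointing `audit_docroot` at the real upload directory after a umask change shows which files were created under the new default. Regular files come out as 640 rather than 750 because new files start from 666, not 777.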
