Apache server exception caused by setting umask in rhl
Source: Internet
Author: User
Rhl sets umask to cause apache server exceptions on a rhl server in a production environment. according to the suggestions of the 3rd-party security company, one of the following settings is performed: vi/etc/profilevi/etc/csh. loginvi/etc/csh. cshrcvi/etc/bashrcwww.2cto.com in...
Rhl sets umask to cause apache server exceptions on a rhl server in a production environment. according to the suggestions of the 3rd-party security company, one of the following settings is performed: vi/etc/profilevi/etc/csh. loginvi/etc/csh. cshrcvi/etc/bashrc www.2cto.com added umask 027 to the above file. we know the role of umask and set the default initial permissions for creating directories and files for system users. according to the working principle of umask, after this parameter is set, the default permission for the created directory or file is 777-027 = 750. Note that the last 0 is the permission setting for other, it seems that there is no problem, for security! Www.2cto.com, however, the unfortunate reminder is that there is no comprehensive consideration and a problem occurs on an apache server. the specific phenomenon is that the customer reports cannot view the uploaded image (apache File Server ), because another colleague configured this parameter, but I don't know, I found no problems after logging on to the server and using mkdir and touch several files, the only problem is that the permissions of the new file are different from those of the existing one, that is, the permissions of the other column are missing. only some files have the r permissions of the other, the time for discovering this problem is relatively short (within 5 minutes, including arguing with colleagues who configured this parameter through hands-on operations. it's a bit insightful, or not? Downtime ?? Is it cool? Do you mean to raise a dream ??? Too many? Pache, so that the last file can be browsed normally. for files that have been uploaded but cannot be browsed, batch execution of chmod o + x *. jpg also solves the problem. Now, the cause is as follows: 0. the default permissions for creating new directories and files by the system are modified; 1. because apache running users are independent nologin users (such as nobody or apache), the focus is on. for security reasons, apache generally does not log in with a normal system account, although the root user is used to start apache, the real internal operation is the nologin user. the root user is of course in the other group, so he has no r permission, therefore, you cannot normally browse the uploaded images. as to why the images can be uploaded, this is because the directory has the x permission. -The End-by gtlions
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.