To change umask in NGINX for www-data, follow the below steps in the article. Bobcares, as a part of our Server Management Services offers solutions to every query that comes our way.

How to change umask NGINX www-data?

With Linux or UNIX, a user creates a file or directory with default permissions. The system defaults are typically open or relaxed for file sharing purposes. For instance, if a text file has 666 permissions, everyone will have read and write access. Similar to this, everyone will have the read, write, and execute permission by a directory with 777 permissions.

Umask mode: The user file-creation mode mask, umask determines the file permission for newly created files. It can be used to modify the new file’s default file permissions. It is an octal four-digit number. We can specify or write an umask using octal values or symbolic values. We can use the umask command to set default file permissions on Linux and Unix-like machines.

In order to change the umask in NGINX for www-data, we should find the current shell’s umask value. Without any arguments, the $ umask command will show the current umask value for the shell.

• For a normal user, the default umask value is 002.
• For root users, the default umask value is 022.

How to override the default values?

We can definitely configure the umask value for all users in the /etc/bashrc or /etc/profile file. Most Linux distributions set it to 0022 (022) or 0002 (002) by default. To alter the system defaults, modify the HOME directory’s ~/.bashrc file.

To override the system settings for ALL USERS on any current Linux distribution, it is preferable to create or modify the /etc/profile.d/set-umask-for-all-users.sh file.

vi /etc/profile.d/set-umask-for-all-users.sh

Else, edit the personal ~/.bashrc or ~/.bash_profile file.

vi ~/.bashrc

On Linux, add/change the following line in order to create a new umask:

umask 022

When using vim/vi as a text editor, save and exit the document by hitting ESC+x. Changes become effective following the subsequent login. In their /etc/profile file, ~/.profile (Korn / Bourne shell) ~/.cshrc file (C shells), ~/.bash profile (Bash shell), or ~/.login file, all UNIX users have the ability to override the system umask defaults.

Change umask NGINX www-data

There are times when we need to grant access to a customer user to some files created by a web server with the owner www-data:www-data and default access mode 0644. We can add our user to the www-data group, however, this user is not granted write access to the web server’s generated files.

Solution:

1. Firstly, we must include the user in the www-data group using usermod -a -G www-data.

2. Then change umask for files generated by the web server from the usual 022 to 002. With umask 002, the web server will by default create new files with mode 0664 and directories with mode 0775. The users in the www-data group have permission to Write access to these files.

• Edit the /etc/apache2/envvars file for apache2 and add the umask 002 line at the top. Alternatively, if it exists already, replace 022 with 002.
• Edit /etc/init/php-fpm.conf for nginx + php-fpm and make the same modifications as for apache2.a.

[Are you looking for an answer to another question? We’re only one click away. ]

Conclusion

In this article, the method from our Tech team to change umask in NGINX for www-data is explained briefly along with a brief introduction to umask.