Changing Umask Leads to mod_fcgid errors

Discussion in 'Installation/Configuration' started by fatbear, Dec 30, 2012.

  1. fatbear

    fatbear ISPConfig Developer ISPConfig Developer

    To enhance security, I changed my system umask in /etc/profile to 007. After this, creating new websites would no produce websites that could use PHP. I got errors such as:

    Code:
    [Sun Dec 30 09:13:25 2012] [warn] [client 184.82.147.162] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
    [Sun Dec 30 09:13:25 2012] [error] [client 184.82.147.162] Premature end of script headers: index.php
    I tracked the problem down to the entries in the /var/www/php-fcgi-scripts directory that were now created with 750 instead of 755 mode. Once I manually changed the entries back to 755, everything worked again.

    In looking at the code, I see in:

    /usr/local/ispconfig/server/plugins-enabled/apache2_plugin.inc.php

    on line 958:

    exec('chmod 755 '.$fcgi_starter_script);

    That is fine for modifying the mode of the .php-fcgi-starter file, but the directory is created on line 925 and is created with the default umask. That's the problem. So, before this line, I inserted:

    umask(022);

    and all worked again.

    Perhaps this umask should be in a more global or earlier location. Can any of the devs suggest a more permanent fix?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    In ISPConfig 3.0.5 RC1, the umask is set globally in the server.sh script for the ispconfig proces, so your problem can not accur in the latest ispconfig version.
     
  3. fatbear

    fatbear ISPConfig Developer ISPConfig Developer

    Hi Till,

    Thanks for the reply. It's good to know. Of course, I tend to only update to stable versions and the current stable version is 3.0.4.6. Do you know when the 3.0.5 version will become the stable version?

    Again, thanks!
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats recommended, do not use a beta or rc on production systems.

    In january.
     

Share This Page