Submitted by moimichel on Thu, 01/13/2011 - 10:30
Hi.
I have changed my linux server ubuntu release from 10.04 to 8.04 because I need PHP 5.2 (ubuntu 8.04) and not 5.3 (ubuntu 10.04). I have noticed the following difference: when uploading a file within drupal the file permission to that file was 644 on ubuntu 10.04. Now with ubuntu 8.04 the file permission is 600. Version of drupal is obviously the sameon both system: 6.20.
- Which parameter has changed from ubuntu 10.04 to ubuntu 8.04?
- Is it an apache parameter? a php parameter?
Thanks in advance.
Michel.
Status:
Closed (fixed)
Comments
Submitted by andreychek on Thu, 01/13/2011 - 10:45 Comment #1
Howdy -- I'm unfortunately not certain what might cause that.
One thing to look into would be what PHP execution mode is in use. In theory, if it's CGI or FCGID, it actually shouldn't matter since PHP is being run as the Virtual Server owner. You can determine that by looking in Server Configuration -> Website Options.
However, if the PHP execution mode is different, that could be causing the change you're seeing.
Submitted by moimichel on Thu, 01/13/2011 - 10:51 Comment #2
In both system (10.04 and 8.04) the PHP execution mode is the same: FCGID.
Submitted by andreychek on Thu, 01/13/2011 - 11:00 Comment #3
If you look at $HOME/fcgi-bin/php5.fcgi, do you see a "umask" line listed in there? If so, what is it set to?
Also, just as an experiment, you might try changing the PHP Execution mode to CGI to see if that somehow makes a difference.
Submitted by moimichel on Thu, 01/13/2011 - 11:20 Comment #4
the umask value is 022 which I think is correct. Which difference does it make to change to CGI execution mode?
Submitted by andreychek on Thu, 01/13/2011 - 11:42 Comment #5
Yeah, having 022 for the umask sounds correct.
I don't actually think changing to CGI will help, it was more a shot in the dark :-)
I'm honestly not sure what would cause the behavior you're seeing... I don't see any php.ini values that might cause that, and setting the umask to 022 should be the correct default.
The only other thing I can think of that might cause this would be a Drupal setting. Is it possible there's a Drupal setting that's causing the issue?
For example, when I search on that particular problem, I run into this Drupal.org post here:
http://drupal.org/node/279384#comment-1954998
I'd be curious if that helps in getting things straightened out.
Submitted by moimichel on Thu, 01/13/2011 - 12:05 Comment #6
There is quite a lot of litterature about file permissions on drupal forum.
I can surely change some settings in drupal to make it work the right way, but that is not what I want to do.
I would like to understand why it was working ok on ubuntu 10.04 and not on 8.04?
I have noticed that in ubuntu 8.04 there are 2 files php5.fcgi:
one in the public_html directory and anoyher one in fcgi-bin directory!! why?
Which one should I keep?
Submitted by andreychek on Thu, 01/13/2011 - 12:41 Comment #7
The copy that is normally used is $HOME/fcgi-bin/php5.fcgi.
I believe the other php5.fcgi resolved a bug on some distributions... you could always try renaming the alternate .fcgi file and verifying that things continue to work as expected.
As far as creating that file with the expected permissions goes -- what happens if you run this command on your server as the Virtual Server owner (not as root):
php -r '$file_name = "test_file.txt"; $file_handle = fopen($file_name, 'w'); fclose($file_handle);'That command will use PHP to create a file called "test_file.txt". Once that is created, take a look at the permissions of the file -- what permissions do you see? Is it 644 or 600?
Submitted by moimichel on Fri, 01/14/2011 - 01:21 Comment #8
test_file.txt has been created with 644 file permission.
Submitted by andreychek on Fri, 01/14/2011 - 12:45 Comment #9
It looks like your FCGI wrapper settings are correct, and that when using PHP to create files, it's correctly setting the file permissions to 644.
I'm not sure of any other Apache, PHP, or Ubuntu setting that might be causing what you're seeing at the moment, as those all appear correct.
The problem is that it's ultimately Drupal that's creating the file, and Drupal gets to choose the permissions those files are created with... it's possible that for whatever reason, the defaults of how it's creating those files are different between your old distribution and your new one. I'm not sure why that would be, but that seems to be what's happening.
One other possibility is that on Ubuntu 10.04, there's a problem that causes it to run under mod_php by default, even if the website is set to use FCGID. So it's possible your old server was using mod_php, which could potentially have affected the permissions of how files were created.
Either way -- since we've seen that PHP is by default creating files with the correct permissions, my recommendation would be to configure Drupal to change the permissions it uses to create files.
Submitted by moimichel on Wed, 01/19/2011 - 15:04 Comment #10
I have made a test: I have created a new website with mod_php (not FCGId) and everything works perfectly - files are created by drupal with correct (644) permissions. Why is that difference between mpd_php and FCGid mode? Can I adjust anything in php configuration to work under FCGid mode? Do you recomand me to use mod_php and forget the other mode?
Thanks.
Submitted by andreychek on Wed, 01/19/2011 - 15:39 Comment #11
Chances are that when you were using Ubuntu 10.04, that you were inadvertently using mod_php. That's due to a setup problem that caused mod_php to be used in all circumstances. That issue has since been corrected, but that likely explains why it worked the way you wanted previously.
While I don't know the specifics, the issue you're seeing is likely related to a default in how files are created in mod_php vs FCGID/CGI. This may be due to the different user PHP scripts are being run as, though again I'm not really sure.
By default, the php.ini files for mod_php, fcgid/cgi, and the cli are all identical (which you can diff if you like, in /etc/php5 -- just to be sure that's the case on your system).
You aren't the only one running into this issue though... there's an open Drupal bug about other folks running PHP in FCGID/CGI mode who are seeing it create uploaded files with 600 permissions. You can see that bug report here:
http://drupal.org/node/203204
When Drupal puts the uploaded file on the filesystem, it's up to it to create it with the correct permissions. That bug report details how they did get that fixed on Drupal version 7.x, and it looks like they provided a patch for making that work on Drupal 6.x.
So, to correct the issue you're seeing -- one option is to move to mod_php (which is less secure).
Another option is that if you have Drupal 6.x, you can work with the Drupal folks to patch your Drupal installation with a patch that resolves the issue.
Or, you always have the option to upgrading to Drupal 7.x, which according to that bug report, has had a fix applied to it that corrects the issue.
Based on the details of the Drupal bug report, it doesn't sound like there's a simple tweak that corrects the issue when running under PHP in FCGID/CGI mode, it sounds like it's an issue of Drupal creating the file with the wrong permissions.
Before making any big changes to your live site, I'd of course suggest setting up a test environment to test out the changes to make sure they work as expected :-)
Submitted by moimichel on Thu, 01/20/2011 - 10:23 Comment #12
Thanks for your rich answer full of informations.