CentOS - Nov 2022 - set default permission to deployuser:deployuser for nfs common mount point /mnt/test

Thanks Emmett for the suggestion. I will keep you posted once it is done.
Thanks in advance.

On Sun, Nov 6, 2022 at 12:18 AM Emmett Culley via CentOS <centos at
centos.org>
wrote:
> On 11/5/22 9:18 AM, Kaushal Shriyan wrote:
> > Hi,
> >
> > I am running two GCP GCE VM instances running CentOS Linux release
> 7.9.2009
> > (Core) behind https load balancer. I am using
> > https://cloud.google.com/filestore#documentation to mount the nfs
server
> > common mount point to both client servers.
> >
> > #mount 10.0.0.2:/vol1 /mnt/test
> >
> > I did chown -Rc deployuser:deployuser (user:group) /mnt/test. When the
> php
> > code uploads any file to the /mnt/test folder, the file permission is
> owned
> > by php-fpm:php-fpm (user:group)
> >
> > Please guide and let me know how to set it to the default permissions
> > of deployuser:deployuser (user:group) for all files and folders
created
> in
> > nfs server common point /mnt/test.
> >
> > Thanks in advance.
> >
> > Best Regards,
> >
> > Kaushal
>
> Easiest (and possibly the only) way is to set GID bit on /mnt/test - chmod
> g+swx /mnt/test
>
> Then configure systemd to set the umask for apache and php-fpm.
>
> Create a file named umask.conf and add this to it:
>
> [Service]
> UMask=002
>
> Then copy that file to:
>
> /etc/systemd/system/httpd.service.d/umask.conf
> /etc/systemd/system/php-fpm.service.d/umask.conf
>
> You may have to create the two .service.d directories.
>
> Then run "systemctl daemon-reload" and restart apache and
php-fpm.
>
> I use the Remi repo to allow using different PHP versions and so also
> added that file to:
>
> /etc/systemd/system/php74-php-fpm.service.d/umask.conf
> /etc/systemd/system/php80-php-fpm.service.d/umask.conf
>
> Emmett
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

On Mon, Nov 7, 2022 at 8:50 AM Kaushal Shriyan <kaushalshriyan at
gmail.com>
wrote:
> Thanks Emmett for the suggestion. I will keep you posted once it is done.
> Thanks in advance.
>
>
Hi Emmett,

I have a follow up question regarding permissions. I am running a php
application hosted on the nginx version: nginx/1.22.0
using php74-fpm-7.4.32-1.el7.ius.x86_64  running on CentOS Linux release
7.9.2009 (Core)I have this folder
/var/www/html/gsmaidp/web/sites/default/files folder which is owned by
deployuser.

*drwrwsrwx 25 deployuser deployuser  4096 Nov  9 08:23 files*

#id deployuser
uid=1001(deployuser) gid=1002(deployuser)
groups=1002(deployuser),995(nginx),994(php-fpm)

ps aux | grep php
root     27692  0.0  0.0 473296 14648 ?        Ss   09:23   0:00 php-fpm:
master process (/etc/php-fpm.conf)
nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm:
pool www

ps aux | grep nginx
root      3392  0.0  0.0  51264  1368 ?        Ss   Oct21   0:00 nginx:
master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3393  0.0  0.0  52356  4380 ?        S    Oct21   0:51 nginx:
worker process
nginx     3394  0.0  0.0  52396  4648 ?        S    Oct21   1:45 nginx:
worker process
nginx     3395  0.0  0.0  52488  4648 ?        S    Oct21   5:38 nginx:
worker process
nginx     3396  0.0  0.0  52500  4652 ?        S    Oct21   8:32 nginx:
worker process
nginx    27693  0.0  0.1 475476 17980 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27694  0.0  0.1 475476 16440 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27695  0.0  0.1 475476 16412 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27696  0.0  0.1 475476 16420 ?        S    09:23   0:00 php-fpm:
pool www
nginx    27697  0.0  0.1 475492 16428 ?        S    09:23   0:00 php-fpm:
pool www

Whenever any new files like images or pdf files or new subfolders created
inside /var/www/html/gsmaidp/web/sites/default/files folder by the php
application the files or subfolders have user and group ownership of nginx
user.

Is there a way to have ownership of all new files and subfolders to
deployuser created under /var/www/html/gsmaidp/web/sites/default/files. I
set SETGID (SET Group ID) flag of chmod as per below but the file is still
owned by nginx user.

#cd  /var/www/html/gsmaidp/web/sites/default/
#chmod g+s files

I also tried the ACL method but the new files and  subfolders are still
owned by nginx user.

#setfacl -Rdm u:deployuser:rwx,g:deployuser:rwx,o::rwx files
#setfacl -Rm u:deployuser:rwx,g:deployuser:rwx,o::rwx files

#ls -l  image15.png
-rw-rw-r--+ 1 nginx nginx  387071 Nov  9 08:27 image15.png

Do i need to run any add cron entry to have consistent ownership of
deployuser for all files and subfolders created under
/var/www/html/gsmaidp/web/sites/default/files
* * * * * root chown -R  deployuser.deployuser
/var/www/html/gsmaidp/web/sites/default/files

Am I missing anything above? Please guide me. Thanks in advance.

Best Regards,

Kaushal