Page MenuHomePhabricator

Add phd.umask option to set umask for phd daemons

Authored by vinzent on Feb 19 2015, 10:18 AM.
Referenced Files
Unknown Object (File)
Thu, Nov 24, 2:55 AM
Unknown Object (File)
Thu, Nov 24, 2:55 AM
Unknown Object (File)
Tue, Nov 15, 9:03 AM
Unknown Object (File)
Tue, Nov 15, 6:17 AM
Unknown Object (File)
Mon, Nov 14, 3:26 PM
Unknown Object (File)
Sat, Nov 12, 2:05 PM
Unknown Object (File)
Wed, Nov 9, 8:38 AM
Unknown Object (File)
Wed, Nov 9, 8:37 AM


Group Reviewers
Blessed Reviewers

Some systems have a restrictive default umask of 077 which removes group read rights from newly created repositories. This prevents the apache user from accessing the files/directories.

The phd.umask option lets a user override the systems umask for the phd processes.

Test Plan
  • set phd.umask to 027 (octal)
  • check with gdb (call umask(0)) that the Taskmaster process has umask 23 (integer)
  • restart daemons, create new repo, check that newly created repo has group read rights
  • remove phd.umask config, restart daemons, check with gdb that the daemons have system umask (077, octal) again

Diff Detail

rP Phabricator
Lint Errors
Errorsrc/applications/settings/panel/PhabricatorAccountSettingsPanel.php:67PHL1Unknown Symbol
Errorsrc/infrastructure/env/PhabricatorEnv.php:138PHL1Unknown Symbol
Errorsrc/infrastructure/env/PhabricatorEnv.php:139PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorBritishEnglishTranslation.php:4PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php:4PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorVeryWowEnglishTranslation.php:4PHL1Unknown Symbol
No Test Coverage
Build Status
Buildable 4561
Build 4575: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

vinzent retitled this revision from to Add phd.umask option to set umask for phd daemons.
vinzent updated this object.
vinzent edited the test plan for this revision. (Show Details)
epriestley added a reviewer: epriestley.

See T7475. See T8227.

  • The lint errors are your fault, and the message includes instructions on how to resolve them. Specifically, your libphutil/ is out of date. Refer to the first bullet point in the message.
  • Unless you have a very compelling, bizarre use case, this should always use a 022 umask.
  • This should apply to all libphutil daemons, not only those launched via Phabricator. The right place to set this is probably the startup phase of PhutilDaemonOverseer.
This revision now requires changes to proceed.May 17 2015, 2:34 PM

resetting umask without an option as stated in T7475 would work too.

I would not set umask 022 for repository data. 022 is IMHO a workaround for not correctly using groups.

I'll support your wish for not introducing new options. But on different companys there are different (required) standards for umasks. Some are on the easy path (022 ok) and some are on the paranoid side (077).