Set a umask (optional)
- Topics:
- Install
- Configuration
CREATED FOR:
- Experienced
- Admin
- Developer
The web server group must have write permissions to certain directories in the file system; however, you might want tighter security, especially in production. We provide the flexibility for you to further restrict those permissions using a umask.
Our solution is to enable you to optionally create a file named magento_umask
in your application root directory that restricts permissions for the web server group and everyone else.
The default umask (with no magento_umask
specified) is 002
, which means:
-
775 for directories, which means full control by the user, full control by the group, and enables everyone to traverse the directory. These permissions are typically required by shared hosting providers.
-
664 for files, which means writable by the user, writable by the group, and read-only for everyone else
A common suggestion is to use a value of 022
in the magento_umask
file, which means:
- 755 for directories: full control for the user, and everyone else can traverse directories.
- 644 for files: read-write permissions for the user, and read-only for everyone else.
To set magento_umask
:
-
In a command-line terminal, log in to your application server as a file system owner.
-
Navigate to the application installation directory:
cd <Application install directory>
-
Use the following command to create a file named
magento_umask
and write theumask
value to it.echo <desired umask number> > magento_umask
You should now have a file named
magento_umask
in the<Magento install dir>
with the only content being theumask
number. -
Log out and log back in as the file system owner to apply the changes.
More help on this topic
Commerce
- Overview
- System requirements
- Prerequisites
- Quick start installation
- Advanced installation
- Post-installation steps
- Tutorials
- Backup and rollback the file system, media, and database
- Check the database status
- Configure message consumer behavior
- Configure the lock provider
- Configure the store
- Create, edit, or unlock admin accounts
- Create or update the deployment configuration
- Create the database schema
- Display or change the Admin URI
- Enable or disable maintenance mode
- Enable or disable modules
- Install an extension
- Install Commerce
- Modify docroot to improve security
- Uninstall language packages
- Uninstall modules
- Uninstall or reinstall Commerce
- Uninstall themes
- Upgrade the database schema
- Return to Operational Guides