why apache still write files it did have permissions to after I exclude it from the group that has permission when it was running

Question

On the server, I have a file called upload and its state was as follows:

drwx--x--- 12 bob bob 4096 JUL 20 19:07 upload

I use this file to be the destination file of the PHP function move_uploaded_file's second argument to store the uploaded files.

So in order to get apache this permission to move files from /tmp to my upload, I add apache to the bob group, so it has the permission. apache is the user the apache is running as.

But if I exclude apache from the group bob using usermod, I can still upload files which means apache still have permissions like it's still in the group but obviously it isn't.

Uploading files will fail only when I

chmod -R 700 upload

or whenever I

service httpd restart

I don't know where I've missed in this.

Seems to me, usermod will only apply permission changes after restarting apache.

Thanks in advance for helping me.

score 3 · Accepted Answer · answered Jul 20 '13 at 13:41

3

This is expected behaviour, the usermod command only changes the account files

The usermod command modifies the system account files to reflect the changes that are specified on the command line.

The apache process will be granted it's privileges when it is started, based on the information in the relevant account files, it will retain them till it is restarted.

answered Jul 20 '13 at 13:41

user9517

114,104
20
206
289

then why chmod works? chmod isn't modifying the files to reflect the change? – longtengaa Jul 20 '13 at 13:48
@Lucaz: Perhaps you should read some docs on [unix file system permissions](http://en.wikipedia.org/wiki/Filesystem_permissions), the you'll know the answer to your comment. – user9517 Jul 20 '13 at 13:53

why apache still write files it did have permissions to after I exclude it from the group that has permission when it was running

1 Answers1