Recommended umask permission setting

[thelunny]

May I know what is the recommended umask value for a shared environment using LiteSpeed? I realise Litespeed is not able to read the docroot if the permission is anything below 755.

Can we set it to 700 but still allow Litespeed to read it? Can we load apache's mod_ruid2 module for this purpose?

What are the ways the improve file permission security for a shared environment?

 

[NiteWave]

you can set those permissions in lsws admin console:
Server->Security->File Access

 

[thelunny]

Good to have this as a feature on Litespeed. However, I tried setting the Required Permission Mask to 077, it doesn't work? I'm looking to only serve files of 700 permission.

Do I need to set the Restricted Permission Mask as well?

How does this Required Permission Mask and Restricted Permission Mask works? Couldn't catch much through the documentations. Mind explaining this a little on how Litespeed does the checks?

Thank you!

 

[webizen]

Required Permission Mask means only if file permission matches with permission mask defined (see (man 2 stat) for all values), file gets served.

Restricted Permission Mask means if file permission matches with permission mask defined, file can not be served.

For shared hosting environment, you can remove everything for others. i.e., have each file with 750(or 640) permission and owner:webserver ownership.