How to set umask for php5-fpm on Debian?

Question

I'm running php5-fpm with nginx connected via port (not socket). It's stock Debian Jessie with all packages installed via apt-get.

I'm trying to change default umask for www-data user that php5-fpm is using from 0022 to 0002 to allow group write permissions. I've tried:

• editing /etc/init.d/php5-fpm init script and adding --umask 0002 to the start-stop-daemon call, but it was ignored;
• adding umask 0002 to /var/www/.profile as /var/www is a home directory for www-data user, but it didn't help (I'm not surprised).
• I'm not using upstart so this solution is not for me.

Also, no matter what I've tried, the command sudo -u www-data bash -c umask always returns 0022.

Answer 1

I was able to set the umask for php5-fpm service by editing it's unit.service file as suggested here and here. The complete and working solution for Debian 8 is this:

1. Manually edit /etc/systemd/system/multi-user.target.wants/php5-fpm.service file and add UMask=0002 line inside [Service] section.
2. Run command systemctl daemon-reload
3. Run command systemctl restart php5-fpm.service

Now the service file looks like this:

[Unit]
Description = The PHP FastCGI Process Manager
After = network.target

[Service]
Type = notify
PIDFile = /var/run/php5-fpm.pid
ExecStartPre = /usr/lib/php5/php5-fpm-checkconf
ExecStart = /usr/sbin/php5-fpm --nodaemonize --fpm-config /etc/php5/fpm/php-fpm.conf
ExecReload = /bin/kill -USR2 $MAINPID
; Added to set umask for files created by PHP
UMask = 0002

[Install]
WantedBy = multi-user.target

Note that:

1. You can not use systemctl edit php5-fpm.service command as edit option was introduced in systemctl version 218 but Debian 8 ships with version 215.
2. Adding *.conf file as suggested in comments for this answer did not work for me, but maybe I messed up something (comments are welcome for this as editing unit file is not something that I feel comfortable with).