Re: php-fpm user other than webserver user?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Of course, if you are using tcp sockets, you will need to bind to a different port for each socket, and unix-domain sockets will need a different path/filename.

—jason

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:505 nw couch #300w:eroi.com
t:503.290.3105f:503.228.4249


fb:fb.com/eROI








On Dec 29, 2016, at 11:40 AM, Jason Brooks <jason.brooks@xxxxxxxx> wrote:

Hello Mattias, 

I just dealt with this question moments ago.  I am running ubuntu 16.04 lts.

I had to modify the pool file: /etc/php/7.0/fpm/pool.d/www.conf

The lines in question are:
user =
group =
listen.owner =
listen.group =

The last two lines are for unix domain sockets.

This is the easiest if you are only serving one domain.

I still have to do some research into multiple virtual domains each with their own user, but I expect in that case to have one listening php-fpm port per user.  I would probably then reserve the www.conf file for the main apache configurations assuming I was running phpmyadmin or something, and create new pool files of <username>.conf each.

—jason

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:505 nw couch #300w:eroi.com
t:503.290.3105f:503.228.4249


fb:fb.com/eROI








On Dec 29, 2016, at 10:35 AM, Matthias Leopold <matthias@xxxxxxxxxxxxxxx> wrote:

Hi,

I hope this is an appropriate place for my question (also sent it to CentOS list):

I'd like to know how others handle the setup of Apache httpd and PHP-FPM when the PHP-FPM user is different from the webserver user. This is the case in the default configuration of IUS PHP-FPM packages (not in stock CentOS/RHEL). So I have httpd running as 'apache' and PHP running as 'php-fpm'. I'm aware of special use cases where a configurable PHP user is a nice feature, but how do i handle filesystem setup for this default configuration in a pretty and secure way? Do people use it like that or do they change PHP-FPM user back to 'apache' (like in RH packages)? All of the setups i tried (eg. using ACLs) don't really look "pretty" and "robust", something I'd like to have when using "default" configurations. I hope I'm not thinking too complicated...

Thanks for feedback
matthias

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux