Hi,
Thank you for the reply. Was not saying that it is the most secure configuration, my point was that in that way everything is not working out of the box on nginx while on httpd it is transparent.
In my opinion, default installation should work without modifying my system configurations; securing my installation should be a separate step. What I am asking here is why php-fpm runs by default under the Apache user... Following your arguments it would be better to be under fpm user account.
Il 26 nov 2017 20:42, "Reindl Harald" <h.reindl@xxxxxxxxxxxxx> ha scritto:
Am 26.11.2017 um 20:18 schrieb Francesco Giancane:
If you switch to nginx, you actually have to run both nginx and php-fpm; because those are two different processes, you have to grant permissions to both on the same files, which to me seems unnecessary
breaking news: that's how secure setups are supposed to work
everything should only have the permissions it really needs
in doubt you even have sepearated users for each fpm worker-pool meaning each website can only access the files belonging to that user
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
