httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Brooks <jason.bro...@eroi.com>
Subject Re: [users@httpd] php-fpm user other than webserver user?
Date Thu, 29 Dec 2016 19:41:34 GMT
Of course, if you are using tcp sockets, you will need to bind to a different port for each
socket, and unix-domain sockets will need a different path/filename.

—jason

Jason Brooks	Systems Administrator
eROI	Performance is Art.
 
m:	505 nw couch #300	w:	eroi.com <http://eroi.com/>
t:	503.290.3105	f:	503.228.4249


fb:	fb.com/eROI <http://www.facebook.com/eROI>








> On Dec 29, 2016, at 11:40 AM, Jason Brooks <jason.brooks@eroi.com> wrote:
> 
> Hello Mattias, 
> 
> I just dealt with this question moments ago.  I am running ubuntu 16.04 lts.
> 
> I had to modify the pool file: /etc/php/7.0/fpm/pool.d/www.conf
> 
> The lines in question are:
> 	user =
> 	group =
> 	listen.owner =
> 	listen.group =
> 
> The last two lines are for unix domain sockets.
> 
> This is the easiest if you are only serving one domain.
> 
> I still have to do some research into multiple virtual domains each with their own user,
but I expect in that case to have one listening php-fpm port per user.  I would probably then
reserve the www.conf file for the main apache configurations assuming I was running phpmyadmin
or something, and create new pool files of <username>.conf each.
> 
> —jason
> 
> Jason Brooks	Systems Administrator
> eROI	Performance is Art.
>  
> m:	505 nw couch #300	w:	eroi.com <http://eroi.com/>
> t:	503.290.3105	f:	503.228.4249
> 
> 
> fb:	fb.com/eROI <http://www.facebook.com/eROI>
> 
> 
> 
> 
> 
> 
> 
> 
>> On Dec 29, 2016, at 10:35 AM, Matthias Leopold <matthias@leopold.priv.at <mailto:matthias@leopold.priv.at>>
wrote:
>> 
>> Hi,
>> 
>> I hope this is an appropriate place for my question (also sent it to CentOS list):
>> 
>> I'd like to know how others handle the setup of Apache httpd and PHP-FPM when the
PHP-FPM user is different from the webserver user. This is the case in the default configuration
of IUS PHP-FPM packages (not in stock CentOS/RHEL). So I have httpd running as 'apache' and
PHP running as 'php-fpm'. I'm aware of special use cases where a configurable PHP user is
a nice feature, but how do i handle filesystem setup for this default configuration in a pretty
and secure way? Do people use it like that or do they change PHP-FPM user back to 'apache'
(like in RH packages)? All of the setups i tried (eg. using ACLs) don't really look "pretty"
and "robust", something I'd like to have when using "default" configurations. I hope I'm not
thinking too complicated...
>> 
>> Thanks for feedback
>> matthias
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org <mailto:users-unsubscribe@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org <mailto:users-help@httpd.apache.org>
>> 
> 


Mime
View raw message