httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Brooks <>
Subject Re: [users@httpd] php-fpm user other than webserver user?
Date Thu, 29 Dec 2016 19:40:35 GMT
Hello Mattias, 

I just dealt with this question moments ago.  I am running ubuntu 16.04 lts.

I had to modify the pool file: /etc/php/7.0/fpm/pool.d/www.conf

The lines in question are:
	user =
	group =
	listen.owner = =

The last two lines are for unix domain sockets.

This is the easiest if you are only serving one domain.

I still have to do some research into multiple virtual domains each with their own user, but
I expect in that case to have one listening php-fpm port per user.  I would probably then
reserve the www.conf file for the main apache configurations assuming I was running phpmyadmin
or something, and create new pool files of <username>.conf each.


Jason Brooks	Systems Administrator
eROI	Performance is Art.
m:	505 nw couch #300	w: <>
t:	503.290.3105	f:	503.228.4249

fb: <>

> On Dec 29, 2016, at 10:35 AM, Matthias Leopold <> wrote:
> Hi,
> I hope this is an appropriate place for my question (also sent it to CentOS list):
> I'd like to know how others handle the setup of Apache httpd and PHP-FPM when the PHP-FPM
user is different from the webserver user. This is the case in the default configuration of
IUS PHP-FPM packages (not in stock CentOS/RHEL). So I have httpd running as 'apache' and PHP
running as 'php-fpm'. I'm aware of special use cases where a configurable PHP user is a nice
feature, but how do i handle filesystem setup for this default configuration in a pretty and
secure way? Do people use it like that or do they change PHP-FPM user back to 'apache' (like
in RH packages)? All of the setups i tried (eg. using ACLs) don't really look "pretty" and
"robust", something I'd like to have when using "default" configurations. I hope I'm not thinking
too complicated...
> Thanks for feedback
> matthias
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message