httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Brooks <jason.bro...@eroi.com>
Subject Re: [users@httpd] php-fpm user other than webserver user?
Date Thu, 29 Dec 2016 19:40:35 GMT
Hello Mattias, 

I just dealt with this question moments ago.  I am running ubuntu 16.04 lts.

I had to modify the pool file: /etc/php/7.0/fpm/pool.d/www.conf

The lines in question are:
	user =
	group =
	listen.owner =
	listen.group =

The last two lines are for unix domain sockets.

This is the easiest if you are only serving one domain.

I still have to do some research into multiple virtual domains each with their own user, but
I expect in that case to have one listening php-fpm port per user.  I would probably then
reserve the www.conf file for the main apache configurations assuming I was running phpmyadmin
or something, and create new pool files of <username>.conf each.

—jason

Jason Brooks	Systems Administrator
eROI	Performance is Art.
 
m:	505 nw couch #300	w:	eroi.com <http://eroi.com/>
t:	503.290.3105	f:	503.228.4249


fb:	fb.com/eROI <http://www.facebook.com/eROI>








> On Dec 29, 2016, at 10:35 AM, Matthias Leopold <matthias@leopold.priv.at> wrote:
> 
> Hi,
> 
> I hope this is an appropriate place for my question (also sent it to CentOS list):
> 
> I'd like to know how others handle the setup of Apache httpd and PHP-FPM when the PHP-FPM
user is different from the webserver user. This is the case in the default configuration of
IUS PHP-FPM packages (not in stock CentOS/RHEL). So I have httpd running as 'apache' and PHP
running as 'php-fpm'. I'm aware of special use cases where a configurable PHP user is a nice
feature, but how do i handle filesystem setup for this default configuration in a pretty and
secure way? Do people use it like that or do they change PHP-FPM user back to 'apache' (like
in RH packages)? All of the setups i tried (eg. using ACLs) don't really look "pretty" and
"robust", something I'd like to have when using "default" configurations. I hope I'm not thinking
too complicated...
> 
> Thanks for feedback
> matthias
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


Mime
View raw message