Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 21E6D200BEC for ; Thu, 29 Dec 2016 19:35:28 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 20826160B2D; Thu, 29 Dec 2016 18:35:28 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 6AEBD160B23 for ; Thu, 29 Dec 2016 19:35:27 +0100 (CET) Received: (qmail 63693 invoked by uid 500); 29 Dec 2016 18:35:26 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 63683 invoked by uid 99); 29 Dec 2016 18:35:26 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Dec 2016 18:35:26 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id C3C97180297 for ; Thu, 29 Dec 2016 18:35:25 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.5 X-Spam-Level: * X-Spam-Status: No, score=1.5 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id NCM373Kl9Oao for ; Thu, 29 Dec 2016 18:35:23 +0000 (UTC) Received: from vie01a-dmta-pe03-2.mx.upcmail.net (vie01a-dmta-pe03-2.mx.upcmail.net [62.179.121.161]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id D1B835F3BC for ; Thu, 29 Dec 2016 18:35:22 +0000 (UTC) Received: from [172.31.216.43] (helo=vie01a-pemc-psmtp-pe01) by vie01a-dmta-pe03.mx.upcmail.net with esmtp (Exim 4.87) (envelope-from ) id 1cMfXt-0001wq-EP for users@httpd.apache.org; Thu, 29 Dec 2016 19:35:21 +0100 Received: from [192.168.1.102] ([84.112.44.117]) by vie01a-pemc-psmtp-pe01 with SMTP @ mailcloud.upcmail.net id RubL1u00d2Xh8WC01ubMnZ; Thu, 29 Dec 2016 19:35:21 +0100 X-SourceIP: 84.112.44.117 To: users@httpd.apache.org From: Matthias Leopold Message-ID: <296fb75a-b855-c9ae-d58b-f27750e1a5ea@leopold.priv.at> Date: Thu, 29 Dec 2016 19:35:20 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: [users@httpd] php-fpm user other than webserver user? archived-at: Thu, 29 Dec 2016 18:35:28 -0000 Hi, I hope this is an appropriate place for my question (also sent it to CentOS list): I'd like to know how others handle the setup of Apache httpd and PHP-FPM when the PHP-FPM user is different from the webserver user. This is the case in the default configuration of IUS PHP-FPM packages (not in stock CentOS/RHEL). So I have httpd running as 'apache' and PHP running as 'php-fpm'. I'm aware of special use cases where a configurable PHP user is a nice feature, but how do i handle filesystem setup for this default configuration in a pretty and secure way? Do people use it like that or do they change PHP-FPM user back to 'apache' (like in RH packages)? All of the setups i tried (eg. using ACLs) don't really look "pretty" and "robust", something I'd like to have when using "default" configurations. I hope I'm not thinking too complicated... Thanks for feedback matthias --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org