Posted on 16 Aug 2022 (General Tech, Bugs & Fixes).
I have an apache-mpm-itk + php_module setup, and users' folders/files belong to them. But I want to migrate several accounts to nginx + php-fpm.
What should be the right permissions on folders/files if I want to use nginx/php-fpm with virtual hosts which belong to different users?
For example, user's home:
/var/www/user/data/www/domain.com
and permissions are user:user
Here is the code from the host's nginx conf:
    server {
        listen 8080;
        server_name domain.com;
        root /var/www/user/data/www/domain.com/;
        index index.php index.html index.htm;

        location / {
            # First attempt to serve request as file
            try_files $uri $uri/index.php;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm/domain.com.socket;
            fastcgi_index index.php;
            include fastcgi_params;
        }
    }
And here is the pool config from php-fpm:
    [domain.com]
    listen = /var/run/php5-fpm/domain.com.socket
    listen.backlog = -1
    listen.owner = user
    listen.group = user
    listen.mode=0660

    ; Unix user/group of processes
    user = user
    group = user

    ; Choose how the process manager will control the number of child processes.
    pm = dynamic
    pm.max_children = 75
    pm.start_servers = 10
    pm.min_spare_servers = 5
    pm.max_spare_servers = 20
    pm.max_requests = 500

    ; Pass environment variables
    env[HOSTNAME] = $HOSTNAME
    env[PATH] = /usr/local/bin:/usr/bin:/bin
    env[TMP] = /var/www/user/data/tmp
    env[TMPDIR] = /var/www/user/data/tmp
    env[TEMP] = /var/www/user/data/tmp

    ; host-specific php ini settings here
    ; php_admin_value[open_basedir] = /var/www/user/data:/tmp
    php_admin_value[error_log] = /var/user/data/logs/fpm-php.log
    php_admin_value[realpath_cache_size] = 4096K
nginx workers are spawned with the value from the user directive. The default value is nobody, but nginx official packages include a default configuration containing user nginx; in nginx.conf, in the main context.
When only a user is specified, the group with the same name is applied to nginx workers.
Default user:group for PHP-FPM is www-data:www-data.
What you could do is make files owned by nginx:www-data, which would work out of the box. The problem would then be to update files, since any user creating files would need write access.
By default, directories are writeable by their owner (user) but not this user's group, which forces you to either:
To me, both previous solutions are less-than-ideal.
What I would do is make that directory tree owned by the user managing content, use user nginx www-data; to make the nginx workers' user belong to the www-data group, and allow the user to read/write, the group to read and others nothing (thus a 0640 bitmask for files and a 0750 bitmask for directories, allowing traversal for user and group).
To go even further, I would add the setgid bit on directories, to ensure the right group is automatically applied to any directory/file created in the tree. I would thus use the 2640 bitmask on files and 2750 on directories.
You can change the default bitmask for a specific partition at the OS level... or you can stick with the defaults which are a bit less restrictive, but work flawlessly, simply changing ownership and adding the setgid flag.