Hi,
Thanks for the details.

So I continued delving into the nginx instance configuration. There were a
couple more files in /etc/phpMyAdmin and /var/lib/php,
/var/lib/phpMyAdmin belonging to user root and group apache as per default
installation. After some more fixes everything went well, but my opinion is
still the same. I see the point of httpd vs nginx in performance but I
think that the default configuration should be more flexible. What if
a 'www' group were created, and users 'nginx' and 'apache' were added to it? And
then files in /var/www, /var/lib/php and /var/lib/phpMyAdmin shall belong
to the 'www' group. In this way, after default installation, permissions shall
be fixed for both the web servers without further noticing.

Maybe someone from the package team can help us...

Regards,
F
2017-11-26 21:28 GMT+01:00 Reindl Harald <h.rei...@thelounge.net>:

>
>
> On 26.11.2017 at 20:55, Francesco Giancane wrote:
>
>> Thank you for the reply. Was not saying that it is the most secure
>> configuration, my point was that in that way everything is not working out
>> of the box on nginx while on httpd it is transparent.
>>
>
> the default for httpd is also php-fpm
>
>> In my opinion, default installation should work without modifying my
>> system configurations; securing my installation should be a separate step
>>
>
> in the best case yes
>
> in doubt default setups have to be secure because most users don't have
> the knowledge to secure things on their own, just read IT news about open
> MongoDB and what not else in the past few years
>
>> What I am asking here is why php-fpm runs by default under the Apache
>> user...
>>
>
> likely because most people use httpd and nginx is normally used where
> performance matters and sysadmins are expected to know what to do
>
> in any case some knowledge is expected when running servers
>
>> Following your arguments it would be better to be under fpm user account.
>>
>
> yes
>
>
>> On 26 Nov 2017 20:42, "Reindl Harald" <h.rei...@thelounge.net> wrote:
>>
>>
>>
>>     On 26.11.2017 at 20:18, Francesco Giancane wrote:
>>
>>         If you switch to nginx, you actually have to run both nginx and
>>         php-fpm; because those are two different processes, you have to
>>         grant permissions to both on the same files, which to me seems
>>         unnecessary
>>
>>
>>     breaking news: that's how secure setups are supposed to work
>>     everything should only have the permissions it really needs
>>
>>     in doubt you even have separated users for each fpm worker-pool
>>     meaning each website can only access the files belonging to that user
>>
>
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org