Re: [users@httpd] php-fpm user other than webserver user?

Thu, 29 Dec 2016 11:41:22 -0800 

Hello Mattias, 

I just dealt with this question moments ago.  I am running ubuntu 16.04 lts.

I had to modify the pool file: /etc/php/7.0/fpm/pool.d/www.conf

The lines in question are:
        user =
        group =
        listen.owner =
        listen.group =

The last two lines are for unix domain sockets.

This is the easiest if you are only serving one domain.

I still have to do some research into multiple virtual domains each with their 
own user, but I expect in that case to have one listening php-fpm port per 
user.  I would probably then reserve the www.conf file for the main apache 
configurations assuming I was running phpmyadmin or something, and create new 
pool files of <username>.conf each.

—jason

Jason Brooks    Systems Administrator
eROI    Performance is Art.
 
m:      505 nw couch #300       w:      eroi.com <http://eroi.com/>
t:      503.290.3105    f:      503.228.4249


fb:     fb.com/eROI <http://www.facebook.com/eROI>








> On Dec 29, 2016, at 10:35 AM, Matthias Leopold <matth...@leopold.priv.at> 
> wrote:
> 
> Hi,
> 
> I hope this is an appropriate place for my question (also sent it to CentOS 
> list):
> 
> I'd like to know how others handle the setup of Apache httpd and PHP-FPM when 
> the PHP-FPM user is different from the webserver user. This is the case in 
> the default configuration of IUS PHP-FPM packages (not in stock CentOS/RHEL). 
> So I have httpd running as 'apache' and PHP running as 'php-fpm'. I'm aware 
> of special use cases where a configurable PHP user is a nice feature, but how 
> do i handle filesystem setup for this default configuration in a pretty and 
> secure way? Do people use it like that or do they change PHP-FPM user back to 
> 'apache' (like in RH packages)? All of the setups i tried (eg. using ACLs) 
> don't really look "pretty" and "robust", something I'd like to have when 
> using "default" configurations. I hope I'm not thinking too complicated...
> 
> Thanks for feedback
> matthias
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>

Reply via email to