Hi, How do I configure apache to allow PHP scripts write access to a document root without compromising security?
I have a fedora29 system with php-7.2.13 and trying to get joomla installed properly and having some trouble. I'm an experienced Linux admin, but I'm not very familiar with php applications and how to manage permissions of them. I don't entirely understand the relationship between php, apache, and mod_fcgi. I fully understand how filesystem permissions and ownership works. I have all files at 644 and all directories at 755 in the document root, owned by my ftpuser account. selinux is disabled because this server does so much other stuff. The problem is that joomla fails to run properly because the document root isn't entirely owned by the apache user. What is the best method for managing permissions with apache so we don't have to have all files owned by the user which is running the apache process? I'm also confused on the relationship between mod_fcgid, fpm-fcgi and suexec. I've configured php-fpm and mod_fcgid according to this doc (and others): https://wiki.archlinux.org/index.php/Apache_HTTP_Server#Using_php-fpm_and_mod_proxy_fcgi I've also set SuexecUserGroup to the user I'd like to use for ftp/sftp access: SuexecUserGroup ftpuser ftpuser but I don't understand how that ties in with the filesystem and allowing apache to write the joomla files it needs, like the cache directory and perform extension updates, while also allowing access to the ftpuser to read and write the same files. I believe I want to use mod_fcgi instead of loading PHP into apache directly with mod_php. Do I need to create a wrapper script, or is one already included with fedora? It appears fedora is already loading php7_module with the php package. Do I need to disable that prior to using mod_fcgid? _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
