How to set up fpm in conjunction with nginx?

A

Aleksandr Yurchenko2021-08-08 13:21:49

PHP

Aleksandr Yurchenko, 2021-08-08 13:21:49

Hello.

I would like to clarify how to configure fpm (in terms of security) in conjunction with nginx. One question is of interest: how to make the created files (easier than asking, if expressed incorrectly) be available for editing / deletion by the current user. Initial data:

User added to nginx, www-data groups
Nginx starts as user www-data
Changes have been made to /etc/php/7.4/fpm/pool.d/www.conf (it seems to me that it is not configured correctly, although the files are now available for deletion/editing)

Config www.conf (I didn’t fit here, I’ll explain the moment that causes concern):

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = user
group = www-data

It turns out that fpm is launched on behalf of the current user, and it seems to me that this is not entirely correct. In this question, I "float a lot", so I would like to ask - is this correct? And if not, what is the best way to implement the work of fpm, so that the files created would be available for editing / deletion.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

ky0, 2021-08-08
@yaleksandr89

Who is the "current user"? Some person who interactively logs into the server via SSH/FTP and touches files?
In this case, you should not add him to the technical group www-data- because this can give him access to common configs and the ability to steer services, but vice versa - www-dataadd a user to the user group so that the web server and PHP can touch his files, but not vice versa.