Setting permissions for nginx/php-fpm on ubuntu server?

H

hOtRush2017-08-03 13:22:44

linux

hOtRush, 2017-08-03 13:22:44

For example, there is a server with ubuntu server on board (version 14 or 16) and there is some user, for example user. The user's home directory contains a directory with a php project, everything works under nginx + php-fpm. How to properly set the rights to this project?
For example, if left as is (user:user), then nginx/php-fpm launched from www-data:www-data will create files and folders as www-data:www-data which can create problems in the future. Some people advise adding the user to the www-data group and assigning user:www-data to the project, but the problem above remains.
In general, how to do it right?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

Twelfth Doctor, 2017-08-03
@verdex

If your project is located in the user's home directory, then why not create a separate php-fpm pool running from the user you need, on the directory with permission 755, files - 644.
Then in /etc/php/7.0/fpm/pool. d create a new file with the following content:

[user]
user = user
group = user
listen = /run/php/php7.0-user.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /

In Nginx config:

location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.0-user.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

Then PHP will work on behalf of the user specified in the user directive of the php-fpm pool

S

Sanes, 2017-08-03
@Sanes

https://bitbucket.org/Drobkov/userplus-webserver-ubuntu