3

I have a CentOS 6 server that uses Apache to connect to php-fpm to run a PHP site. I use the user's home directory as the website root, for example /home/user1. On the other hand, in the php-fpm www.conf, I set the user and group lines to apache.

So, when PHP writes or creates a file (e.g. /home/user1/var/log/file), it uses apache:apache as the owner. Then I need to run the command "chmod -R ug+s ." in /home/user1/var/log/ to make PHP create files as apache:user1, where user1 is the group.

So my question is: is it possible to set php-fpm to create files using the directory owner (user1:user1) rather than apache:apache?

1
  • Did you find a good solution? Commented Dec 14, 2024 at 9:49

2 Answers

1

Instead of www.conf, create site.conf files in your pool.d directory.

Then you can set a user for each site:

user  = myuser
group = $user

You can also do

user  = $pool
group = $pool

if your username is site.example.com (handy for devops).

But consider that you might need

user  = $pool
group = httpd

or

group = www-data

(on Debian) if you want your Apache to read the files that the pool creates, e.g. image uploads, if you use least-privilege permissions.

Make sure your socket locations and permissions agree as well so Apache can talk to php-fpm.

1
  • Is there a way to set it based on folder? E.g. home/user1/www should be user1 and home/user2/www should be user2. Commented Dec 14, 2024 at 9:48
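
The per-site pool files from the answer above, applied to the per-folder layout its comment asks about, as an added example that is not part of the original answer or of php-fpm itself. The `apache` account name, the socket directory, the `pm` values, the UID floor and a same-named group for each user are assumptions.

```shell
#!/bin/sh
# Added example: one php-fpm pool per <base>/<user>/www docroot.
# Assumed names (not from the page): Apache runs as "apache", sockets live
# in /var/run/php-fpm, regular accounts start at UID 500, and every user
# has a private group with the same name.
WEB_USER="apache"
SOCK_DIR="/var/run/php-fpm"
MIN_UID="${MIN_UID:-500}"

# render_pool USER HOME: print a pool that runs PHP as USER and exposes a
# socket that only the web server account can open.
render_pool() {
    cat <<EOF
[$1]
user = $1
group = $1
listen = $SOCK_DIR/$1.sock
listen.owner = $WEB_USER
listen.group = $WEB_USER
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
; trailing slash matters: "/home/user1" would also match "/home/user10"
php_admin_value[open_basedir] = $2/
EOF
}

# generate_pools BASE OUTDIR: write OUTDIR/<owner>.conf for every BASE/*/www,
# taking the user from the directory's real owner, not from the path name.
generate_pools() {
    for docroot in "$1"/*/www; do
        [ -d "$docroot" ] || continue
        if [ -L "$docroot" ]; then continue; fi   # skip symlinked docroots
        owner=$(stat -c %U "$docroot")
        uid=$(stat -c %u "$docroot")
        # no pools for root, system accounts, or UIDs without a passwd entry
        if [ "$uid" -lt "$MIN_UID" ] || [ "$owner" = "UNKNOWN" ]; then continue; fi
        render_pool "$owner" "${docroot%/www}" > "$2/$owner.conf"
    done
}

# usage: sh genpools.sh /home /etc/php-fpm.d
if [ "$#" -eq 2 ]; then generate_pools "$1" "$2"; fi
```

Each virtual host then has to point at its own socket, which is the socket location and permission agreement the answer ends on.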
0

You can use the suPHP module in Apache to specify the user permission under which PHP scripts run. You can take a look at this article: http://blog.secaserver.com/2012/02/linux-install-configure-apache-suphp/

2
  • suPHP seems to be end of life; do any other solutions exist? Commented Oct 19, 2018 at 9:25
  • There are many options in the field; you can search for "suexec", "mod_ruid2" or "mod_php" and choose one that fits your needs. Commented Oct 19, 2018 at 12:21
