Nginx + PHP-FPM: Permissions on UNIX socket

B.R. reallfqq-nginx at yahoo.fr
Fri May 11 16:25:07 UTC 2012 

Did you specify the www-data group in the 'user' configuration entry of
Nginx?
If you did so then this is why. It is what you shall do at the present time
to allow group privileges to the worker processes.

I only specified the user 'nginx' and not any group, since I thought the
groups which nginx belongs to would could automatically be used for access
privileges.
Maxim added a comment on the ticket and flagged it as a potential
enhancement, look at his comment: http://trac.nginx.org/nginx/ticket/165

I guess I understand that if I don't specify any group in the configuation
file, then 'nobody' is used.
But Sergey confused me a littler about his 'supplementary group' piece of
advice which I didn't get.
---
*B. R.*


On Fri, May 11, 2012 at 12:14 PM, Edho Arief <edho at myconan.net> wrote:

> On Fri, May 11, 2012 at 11:08 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:
> > OK, thanks Sergey!
> > That seemed to be a gross bug, I am glad to know that's only my mistake.
> :o)
> >
> > What do you mean by 'add www-data as supplementary group to nginx user'?
> > At the moment, nginx has www-data as its primary group.
> >
> > - Can it work if I don't specify any group in the Nginx config file
> (default
> > group seems to be nobody, not any nginx user groups)?
> > - Or should I always specify a group in the configuration, even if the
> nginx
> > user already belongs to it?
> > ---
>
> It's weird, I certainly have no problem with such setup.
>
> $ ls -l .php.sock-*
> srw-rw---- 1 bacchanallia www-data 0 May  9 12:27 .php.sock-bacchanallia=
> srw-rw---- 1 edho         www-data 0 May  9 12:27 .php.sock-edho=
> srw-rw---- 1 genshiken    www-data 0 May  9 12:27 .php.sock-genshiken=
> $ id www-data
> uid=33(www-data) gid=33(www-data) groups=33(www-data)
> $ id edho
> uid=1000(edho) gid=1000(edho)
>
> groups=1000(edho),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev)
> $ ps axuw|grep nginx
> root     32448  0.0  0.0  65424   640 ?        Ss   Apr30   0:00
> nginx: master process /usr/sbin/nginx
> www-data 32449  0.0  0.3  65828  3348 ?        S    Apr30   0:59
> nginx: worker process
> www-data 32450  0.0  0.4  65572  4768 ?        S    Apr30   0:57
> nginx: worker process
> www-data 32451  0.0  0.5  66320  5844 ?        S    Apr30   1:02
> nginx: worker process
> www-data 32452  0.0  0.3  65428  3420 ?        S    Apr30   0:59
> nginx: worker process
> www-data 32453  0.0  0.4  66324  4356 ?        S    Apr30   1:01
> nginx: worker process
> $
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120511/ee379c55/attachment-0001.html>

More information about the nginx mailing list