Multiple site with PHP-FPM home directory permission

Steve Holdoway steve at greengecko.co.nz
Fri Jan 11 09:27:56 UTC 2013


On 11/01/13 21:07, peter at donka.hu wrote:
> Hi Guys!
>
> I have an nginx server with multiple virtual hosted sites. Every site
> runs with unique user permissions using PHP-FPM.
> It's all fine; I see the user variable in the phpinfo page and I see the
> right username.
>
> However, I have a little problem.
> Here is an example of what I have, then I write what the problem is.
>
> In the /var/www directory I have all site webroots, like:
>
> domain.tld
> domain1.tld
>
> etc..
>
> Every folder has the connected php-fpm user rights as owner and group,
>
> so the domain.tld folder's user and group is domain.tld
> and it has 0755 permission, so only the owner can write; group and everybody
> else just read.
>
> I want to restrict this so that only the owner/group can enter this
> directory, so I need the 0750 flag.
> In that case the web site no longer loads; I see a 404 error and in the log
> files a permission denied error.
> Then I realized I need to give access to www-data too, because this
> user tries to enter the main directory.
> So I added www-data to the domain.tld group, but same problem. All I get is
> the permission denied.
> If I set back the 0755 permission, so everybody can read/enter this
> directory, it works again.
>
> Is there any way to set a permission so that the web page works fine but
> the directory is only accessible by the owner, www-data and root?
>
> Thx for the help!
> Peter
>
chgrp -R www-data .
find . -type d -print0 | xargs -0 chmod 2750

will provide and future proof read access to the web server.  I assume 
there is a dedicated php-fpm process for each site, running as the 
appropriate owner.
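
The group/setgid scheme from the reply above, with a check for drift, as an added example that is not part of the original post. The function names are hypothetical, the demo tree is constructed, and the caller's own gid stands in for www-data so it runs without root.

```shell
#!/bin/sh
# Added example: apply and audit the group/setgid scheme from the reply.
# Function names are hypothetical; GROUP is the web server's group (www-data).

# harden_site_root DIR GROUP: same effect as the two commands in the reply,
# using -exec ... + so directory names containing spaces are handled.
harden_site_root() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod 2750 {} +
}

# audit_site_root DIR GROUP: print one line per path that departs from the
# scheme; return 0 when the tree is clean, 1 otherwise.
audit_site_root() {
    findings=$(
        # The web server is not the owner, so with "other" at --- it can
        # only reach paths whose group is GROUP.
        find "$1" ! -group "$2" -print | sed 's/^/wrong-group: /'
        # Directories must be exactly 2750: owner rwx, group r-x, other ---,
        # setgid so new entries inherit GROUP.
        find "$1" -type d ! -perm 2750 -print | sed 's/^/dir-mode: /'
        # Static files need the group read bit or nginx cannot serve them.
        find "$1" -type f ! -perm -0040 -print | sed 's/^/no-group-read: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree; the caller's own gid stands in for www-data so this
# runs without root.
demo_site() {
    site=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$site/htdocs/up loads"
    echo '<?php' > "$site/htdocs/index.php"
    harden_site_root "$site" "$gid"
    chmod 0600 "$site/htdocs/index.php"   # drift: group loses read access
    audit_site_root "$site" "$gid"        # prints the drifted file
    rm -rf "$site"
}
demo_site
```

On a real host the call would be `harden_site_root /var/www/domain.tld www-data` as root, with `audit_site_root` run afterwards from cron or a deploy hook.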


