Re: Webserver user/group

To: Joerg Sonnenberger <joerg%bec.de@localhost>
Subject: Re: Webserver user/group
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sun, 05 Apr 2020 19:44:23 -0400

Joerg Sonnenberger <joerg%bec.de@localhost> writes:

> On Mon, Apr 06, 2020 at 01:03:49AM +0200, Frédéric Fauberteau wrote:
>> I mainly run www/nginx as webserver. I also run www/php-fpm that uses
>> an unprivileged user FPM_USER?= ${APACHE_USER}. In my mk.conf, I have
>> APACHE_USER= nginx. I would prefer to have web services' unprivileged
>> users depending on a generic WWW_USER that could be configured
>> according to the webserver actually running.
>
> I don't like it. In fact, IMO php-fm should be defaulting to its own
> user if anything. This seems to be a step backwards from the perspective
> of best practises...

I am also not in favor, and agreed that more privsep is better if it
isn't painful.

I have a machine with nginx and php-fpm, running as nginx and www.  It
seems to be working fie.

Frédéric: Can you explain why a dedicated user for php-fm would be a
problem, or have disadvantages?

Follow-Ups:
- Re: Webserver user/group
  - From: Frédéric Fauberteau

References:
- Webserver user/group
  - From: Frédéric Fauberteau
- Re: Webserver user/group
  - From: Joerg Sonnenberger

Prev by Date: Re: Webserver user/group
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: Webserver user/group
Next by Thread: Re: Webserver user/group
Indexes:

Home | Main Index | Thread Index | Old Index