Re: Webserver user/group

[Frédéric Fauberteau <triaxx%NetBSD.org@localhost>]

Le 06/04/2020 à 15:15, Roy Marples a écrit :
> On 06/04/2020 13:45, Frédéric Fauberteau wrote:
>> Le 06/04/2020 à 01:09, Joerg Sonnenberger a écrit :
>>> On Mon, Apr 06, 2020 at 01:03:49AM +0200, Frédéric Fauberteau wrote:
>>>> I mainly run www/nginx as webserver. I also run www/php-fpm that uses
>>>> an unprivileged user FPM_USER?= ${APACHE_USER}. In my mk.conf, I have
>>>> APACHE_USER= nginx. I would prefer to have web services' unprivileged
>>>> users depending on a generic WWW_USER that could be configured
>>>> according to the webserver actually running.
>>>
>>> I don't like it. In fact, IMO php-fm should be defaulting to its own
>>> user if anything. This seems to be a step backwards from the perspective
>>> of best practises...
>>>
>>> Joerg
>>
>> If I understand correctly, you suggest that FPM_USER should be defined as FPM_USER?= fpm. If I try this configuration:
>> user = fpm
>> group = fpm
>> listen.owner = nginx
>> listen.group = nginx
>> I get permission denied error in my logs.
> 
> User, not group.
> 
> user = fpm
> group = www
> listen.owner = nginx
> listen.group = www
> 
> Then ensure things are group readable and writeable where needed.
> 
> Roy

Looking a little closer, my error came from the logdir of the application that was not writable for fpm (only for nginx). If I set this directory to root:www / 0775, the error should be solved. Thanks!