Re: Webserver user/group

[Greg Troxel <gdt%lexort.com@localhost>]

Frédéric Fauberteau <triaxx%NetBSD.org@localhost> writes:

> If I run nginx as nginx user and php-fpm as fpm user, I get permission
> denied errors. It is probably a problem in my own configuration.

It sounds like you have found a way to deal with this.

> But I did not suggest to add a dedicated user for php-fpm. It was just
> an example to illustrate my point. My proposition was to declare
> WWW_USER/WWW_GROUP for need of packages that require files owned by
> the user that runs the webserver. I don't find very consistent to
> write APACHE_USER=nginx or APACHE_USER=lighttpd because there is no
> relation to apache at all. However WWW_USER=nginx sounds better for
> me. If we defined WWW_USER=${APACHE_USER}, it does not change the
> default policy. I can cite another example: www/php-piwigo uses
> APACHE_USER to set file ownership to www. This behavior appears to me
> as a the remainder of a time where everyone used Apache httpd (I used
> too). But maybe I am totally wrong and it is an intentional policy. In
> this case, I don't touch anything.

I didn't misunderstand you.  I was really trying to ask if what you
proposed was necessary, particularly for fpm where there can be a
separate user.

It seems like after you figured out how to have each program have its
own logs, there might not be any need for even group writability?