PHP-FPM Socket run as root?

nmb

As far as I know, the PHP-FPM main process can be run as root but the sockets file should be run as user. However, when I checked at /usr/local/php53(54)/sockets I found that all sockets there are running as root.

I'm not sure it's only my server or it's normal for Custombuild 2.0. Anyone can confirm that?


Thanks
 
They are root on my machine as well (note: I haven't updated mine in a while)

The related configuration settings may be listen.owner/listen.group/listen.mode -- however if I see http://php.net/manual/en/install.fpm.configuration.php

It says that the default values are as the running user, what I would think is the one set by user=

I too wonder if this is working correctly.
 
Hello,

Looks like an error in their documentation.. or something changed in the past in the php code, and the documentation wasn't updated.

In any case, I've added these lines to the php-fpm.conf template:
Code:
listen.owner = $pool
listen.group = apache
listen.mode = 660
The only reason you'd ever need to read the socket as the user, is if you're using mod_ruid2 and php-fpm at the same time.
If you disable mod_ruid2, then apache:apache would be ok (but the above code covers both scenarios)

Note that if you are using mod_ruid2, then the sockets folder must also be set to 711, so that users can see in (but the 660 prevents any security issues)
/usr/local/php53/sockets

With mod_ruid2 disabled, this sockets folder should be 700.

I've updated CB 2.0 to set this folder accordingly when ./build php is run.

In any case, the above code has been added to the global php-fpm.conf templates, but for existing boxes, you may need to manually add it in your conf:
/usr/local/php53/etc/php-fpm.conf

and template:
/usr/local/directadmin/data/templates/php-fpm.conf

The next DA release will have the listen.owner, listen.group and listen.mode set in the data/templates/php-fpm.conf.

John
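
Added example (not part of the thread and not DirectAdmin/CustomBuild code): a shell function that audits a sockets folder against the settings described above, flagging root-owned or otherwise mis-owned sockets, wrong group, wrong socket mode and wrong folder mode. The function name is hypothetical, and it assumes each socket file is named <pool>.sock and that GNU stat is available.

```shell
#!/bin/sh
# Added example, not DirectAdmin/CustomBuild code. Requires GNU stat (-c).
# Assumption: each socket is named <pool>.sock, so the expected owner
# (listen.owner = $pool) can be read from the file name.
#
# usage: audit_fpm_sockets DIR GROUP DIRMODE
#   audit_fpm_sockets /usr/local/php53/sockets apache 711   # mod_ruid2 in use
#   audit_fpm_sockets /usr/local/php53/sockets apache 700   # mod_ruid2 disabled
# Prints one line per deviation; returns 0 if clean, 1 if not, 2 on error.
audit_fpm_sockets() {
    afs_dir=$1 afs_group=$2 afs_dirmode=$3
    afs_rc=0

    # Folder mode: 711 lets users traverse in, 700 keeps them out.
    afs_mode=$(stat -c '%a' "$afs_dir") || return 2
    if [ "$afs_mode" != "$afs_dirmode" ]; then
        echo "DIR $afs_dir mode=$afs_mode expected=$afs_dirmode"
        afs_rc=1
    fi

    for afs_sock in "$afs_dir"/*.sock; do
        [ -e "$afs_sock" ] || continue          # glob matched nothing
        afs_pool=$(basename "$afs_sock" .sock)  # expected listen.owner
        afs_owner=$(stat -c '%U' "$afs_sock")
        afs_grp=$(stat -c '%G' "$afs_sock")
        afs_mode=$(stat -c '%a' "$afs_sock")

        if [ "$afs_owner" != "$afs_pool" ]; then
            echo "SOCK $afs_sock owner=$afs_owner expected=$afs_pool"
            afs_rc=1
        fi
        if [ "$afs_grp" != "$afs_group" ]; then
            echo "SOCK $afs_sock group=$afs_grp expected=$afs_group"
            afs_rc=1
        fi
        if [ "$afs_mode" != "660" ]; then       # listen.mode = 660
            echo "SOCK $afs_sock mode=$afs_mode expected=660"
            afs_rc=1
        fi
    done
    return $afs_rc
}
```

It matches on file name rather than file type, so it can be dry-run against a scratch directory before pointing it at the real sockets folder.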
 