I just found out that my nginx user is not the same that is returned by ("php-user"). Both users are not root. However, I wonder whether this configuration might lead to problems in the future?
I am working on Ubuntu 12.04.
SnapOverflow
I just found out that my nginx user is not the same that is returned by ("php-user"). Both users are not root. However, I wonder whether this configuration might lead to problems in the future?
I am working on Ubuntu 12.04.
It's a perfectly fine idea, and improves the security of your server.
It means that PHP cannot write to data owned by nginx (or any other user) without world-write permissions (and you would NEVER EVER
chmod 777anything).In my production web servers, nginx runs as user
nginxwhile PHP runs as userwww-dataor something similar.Typically, you want your FTP user, SSH user, web server user and PHP user to be consistently the same to avoid permissions issues. Read this,
http://www.sonassi.com/knowledge-base/stop-magento-permissions-errors-permanently/
If not just for your own sanity when working on a site. Otherwise you'll likely continually find yourself chmod'ing or chown'ing.
In principal, it is more secure having two users versus one. But, security is only going to ever be as good as the person using it. And the likely result is someone recursively chmod'ing a dir just to try and resolve a permissions issue - then forgetting about it and leaving it wide open. Plus if selinux is enabled, there'll be potential tree traversal issues.
We also run Nginx as a different user, but generally part of the same group as the PHP process, but as its only used for static content, it only really needs read access anyway.