Home / server / Questions / 949098
Accepted
Ta Coen
Asked: 2019-01-15 22:26:03 +0800 CST

Suexec/Apache user is not php-fpm 'user'

  • 772

Suexec/Apache user is not php-fpm 'user'.

in my php-fpm pool:

[cdnmin]
user = cdnmin
group = cdnmin
listen = /run/php/php7.0-fpm.cdnmin.sock
listen.owner = cdnmin
listen.group = cdnmin
listen.mode = 0666
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

I create 'index.php' for the test:

<?php 
file_put_contents('test.txt','Test');
echo exec('whoami');
echo '<hr>Current script owner: ' . get_current_user();
phpinfo();
?>

php-fpm works, but has wrong permission, as my error.log show

AH01071: Got error 'PHP message: PHP Warning:  file_put_contents(test.txt):
failed to open stream: Permission denied ...'

php 'get_current_user()' return 'cdnmin' which is php-fpm pool users. but 'whoami' return www-data (apache2)

inside /run/php :

 srw-rw-rw-  1 cdnmin   cdnmin     0 Jan 15 15:18 php7.2-fpm.cdnmin.sock

The working directory (/var/www/cdn) is owned by cdnmin:cdnmin, and is 755.

 SuexecUserGroup cdnmin cdnmin

is on virtualhost's (apache) directive.

I can find out why 'whoami' and get_current_user() is not the same.

What did I missing ?

php-fpm

1 Answers

  1. Best Answer

    I'm using ubuntu 18.04 which has no support to fastcgi. Bionic using proxy_fcgi. I dont see any error came from fastcgi because i using so it always send the request to default (www.conf) that's why it become 'www-data'.

    Problem solved then.

    Here some snipset

    my virtualhost.conf :

        <VirtualHost *:80>
    DocumentRoot /var/www/cdn
    ServerName cdn.wx.dz.co
    ServerAdmin webmaster
    ErrorLog /var/www/cdn/.log/error.log
    CustomLog /var/www/cdn/.log/access.log combined

    SuexecUserGroup cdnmin cdnmin

    <Directory /var/www/cdn>
            Options +ExecCGI
            IncludeOptional /dbc/vhost/common-set.conf
    </Directory>

    <Directory /var/www/cdn/.log>
            deny from all
    </Directory>

    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler "proxy:unix:/run/php/php7.2-fpm.cdnmin.sock|fcgi://localhost/"
    </FilesMatch>


   </VirtualHost>

    In fpm/pool.d :

        [cdnmin]
    user = cdnmin
    group = cdnmin
    listen = /run/php/php7.2-fpm.cdnmin.sock
    listen.owner = www-data
    listen.group = www-data
    listen.mode = 0666
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3

    Pay attention to:

        listen.owner = www-data
    listen.group = www-data
    listen.mode = 0666
    • 0