We have by far the largest RPM repository with NGINX module packages and VMODs for Varnish. If you want to install NGINX, Varnish, and lots of useful performance/security software with smooth yum upgrades for production use, this is the repository for you.

Being an avid StackExchange user, I could see how many users completely lack an understanding of the proper permissions model in the most popular stack, LEMP. You can see recommendations that 777 is never good, but I could not see a simple guide on permissions that can be used as a reference point for everyone.

The following permissions/ownership model applies to all NGINX/PHP-FPM websites and allows you to host websites without any problems, in a secure way.

PHP-FPM user (also known as the website user)

The PHP-FPM user should be a special user that you create for running your website, whether it is Magento, WordPress, or anything.

- This is the user that PHP-FPM will execute scripts with.
- If your website user is ubuntu or centos, or root – you're asking for much trouble.
- Do not use www-data or nginx as website user. This is wrong and will lead to more trouble!
- The username should reflect either the domain name of the website that it "runs", or the type of corresponding CMS, e.g. magento for a Magento website or example for website.

Now, set its password by running:

    passwd example

Each website in PHP-FPM should be run under a separate pool. etc/php-fpm.d/, you must set things to match with the created username:

    listen = /var/run/php-fpm/

NGINX must run with its own unprivileged user, which is nginx (RHEL-based systems) or www-data (Debian-based systems). This is the "global" webserver user that is used for all websites. So the configuration is straightforward and translates to the following directives in /etc/nginx/nf:

    user nginx

We must connect things up so that the NGINX (webserver) user can read files that belong to the website user's group. This reads as: add nginx user to group example. This will allow us to control what NGINX can read or not, via the group chmod permission bit.

Here is a simple rule: all the files should be owned by the website user and the website user's group:

    chown -R example:example /path/to/website/files

The following general chmod setup will allow for any website to function properly:

    chmod -R u=rwX,g=rX,o= /path/to/website/files

- Website user (example) can read, write all files, and read all directories.
- Website group (webserver user) can read all files and traverse all directories, but not write.
- All other users cannot read or write anything.

In octal notation, this results in 0750 chmod for all directories and 0640 for all files. If you simply stick to this permissions model, you will not encounter any chmod / chown issues in the future. This is the only proper model, functionality- and security-wise.
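One way to check a web root against the ownership and mode model this page describes, and to apply the chmod it gives, as an added example that is not code from the original article. The function names `audit_webroot` and `apply_model` are hypothetical, and the owner and group are passed as arguments (the article uses `example` for both).

```shell
#!/bin/sh
# Added example: audit and repair a web root against the
# u=rwX,g=rX,o= model (directories 0750, files 0640).
# Function names are hypothetical, not from the article.

# audit_webroot ROOT OWNER GROUP
# Prints one "reason<TAB>path" line per violation; prints nothing if clean.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_webroot() {
    root=$1 owner=$2 group=$3
    # Any r, w or x bit for "other" breaks the "o=" part of the model.
    find "$root" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'other-access\t%s\n' {} \;
    # The web server reaches files through the group, so group must not write.
    find "$root" ! -type l -perm -020 \
        -exec printf 'group-write\t%s\n' {} \;
    # Directories need at least 0750 and regular files at least 0640,
    # otherwise the site user or the web server cannot do its job.
    find "$root" -type d ! -perm -750 \
        -exec printf 'dir-too-strict\t%s\n' {} \;
    find "$root" -type f ! -perm -640 \
        -exec printf 'file-too-strict\t%s\n' {} \;
    # Everything must belong to the website user and the website user's group.
    find "$root" ! -type l \( ! -user "$owner" -o ! -group "$group" \) \
        -exec printf 'wrong-owner\t%s\n' {} \;
}

# apply_model ROOT
# Runs the chmod from the article. Fixing ownership (chown) needs root
# and is left to the operator.
apply_model() {
    chmod -R u=rwX,g=rX,o= "$1"
}

# Typical use (path and names as in the article):
#   audit_webroot /path/to/website/files example example
```

An empty result from `audit_webroot` means the tree matches the model; a `wrong-owner` line has to be fixed with the `chown` shown above, run as root.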