php-fpm file permission

Hi,

I just finished a new WordPress installation inside a jail and I have a question regarding file permission.
/usr/local/etc/php-fpm.d/staging.conf
Code:
[mywebsite]
user =  $pool
group = www

listen = /var/run/$pool.sock

listen.owner = www
listen.group = www
listen.mode = 0660

pm = ondemand
pm.max_children = 20
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.process_idle_timeout = 60s;
pm.max_requests = 200
pm.status_path = /status
request_terminate_timeout = 0

env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /home/$pool/tmp
env[TMPDIR] = /home/$pool/tmp
env[TEMP] = /home/$pool/tmp

php_admin_value[open_basedir]       = /home/$pool/public_html:/home/$pool/tmp:/usr/local/share/pear:/usr/local/lib/php
php_admin_value[disable_functions]  = "exec,passthru,shell_exec,system,proc_open,popen,show_source"
php_admin_flag[allow_url_fopen]     = On
;security.limit_extensions          = .php .shtml
php_admin_value[date.timezone]      = Europe/London

php_flag[display_errors]            = off
php_admin_flag[log_errors]          = on
php_admin_value[error_reporting]    = 30711
php_admin_value[error_log]          = /home/$pool/public_html/logs/php_error.$pool.log
php_admin_value[memory_limit]       = 128M
php_value[upload_max_filesize]      = 8M
php_value[max_execution_time]       = 60
php_admin_value[upload_tmp_dir]     = /home/$pool/tmp
php_admin_value[session.save_path]  = /home/$pool/tmp

chdir = /
When I upload a WordPress image, I see the following:
Code:
-rw-r-----  1 equstaging  www         134567 Sep 10 15:12 md1200-1000x750.jpg
-rw-r-----  1 mywebsite  www           7339 Sep 10 15:12 md1200-150x150.jpg
-rw-r-----  1 mywebsite  www          17566 Sep 10 15:12 md1200-300x225.jpg
-rw-r-----  1 mywebsite  www          85171 Sep 10 15:12 md1200-768x576.jpg
-rw-r-----  1 mywebsite  mywebsite  318507 Sep 10 15:12 md1200.jpg

Question: why is the original file 'md1200.jpg' not showing the www group?

Thank you
 
Code:
drwxr-xr-x  7 mywebsite  mywebsite        27 Sep  5 22:48 public_html/
drwxr-xr-x  3 mywebsite  mywebsite      1055 Sep 10 16:38 tmp/
 
I am certainly no authority on this, but I'd say that's where it's getting username and group from when creating the initial file.
Try changing the directory group to www and upload something else, see if that has the desired effect.
 
I suspect the website is running on suPHP, everything would be running on (and saved as) www:www normally. So I would check the primary group of the mywebsite user account. And/or your suPHP configuration.
 
SirDice, if everything runs as www:www, how does the user mywebsite update the file?
mywebsite will have no permission to do so?
 
And that's exactly what suPHP does: https://www.suphp.org/Home.html
suPHP is a tool for executing PHP scripts with the permissions of their owners.
It was commonly used on DirectAdmin (and similar tools) to separate the different websites and owners. So one website owner couldn't 'hijack' another owner's website.

But I see that suPHP has been integrated, more or less, into php-fpm.
 
I don't think I use suPHP... but yes, I separate the different websites and owners via the php-fpm config file.
This allows me to create the user home directory for each user.
So what is the issue in my setup?
 
Have a look at id mywebsite, and compare it with the working ones. It might have the wrong primary group or is not a member of the www group at all.
 
I got it figured out..
in my /usr/local/etc/php-fpm.d/staging.conf I have the following:
Code:
...
env[TMP] = /home/$pool/tmp
env[TMPDIR] = /home/$pool/tmp
env[TEMP] = /home/$pool/tmp
...
When I do chgrp www /tmp then all the files are uploaded as mywebsite:www
I am not quite sure why this is the fix though :-/
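
An added example, not part of any post in the thread: on FreeBSD a new file takes the group of the directory it is created in, and PHP's move_uploaded_file() renames the temp file when source and destination are on the same filesystem, so the original upload keeps the group of upload_tmp_dir while the resized copies, created directly in the uploads directory, get that directory's group. The Python script below parses a pool file like the one in the first post and reports temp directories whose group differs from the pool's `group`; the function names, the trimmed sample config and the path /home/mywebsite/tmp for the `tmp/` listing are assumptions made for illustration.

```python
import grp
import os

# Constructed sample: a trimmed copy of the pool file quoted in the thread.
SAMPLE = """\
[mywebsite]
user = $pool
group = www
; temp locations
env[TMPDIR] = /home/$pool/tmp
php_admin_value[upload_tmp_dir] = /home/$pool/tmp
"""

# Keys that name directories where PHP may create the uploaded temp file.
TMP_KEYS = ("php_admin_value[upload_tmp_dir]", "env[TMPDIR]")


def parse_pool(text):
    """Return {pool: {key: value}} with $pool expanded to the section name."""
    pools, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or php-fpm comment
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            pools[name] = {}
        elif "=" in line and name:
            key, value = (part.strip() for part in line.split("=", 1))
            pools[name][key] = value.strip('"').replace("$pool", name)
    return pools


def upload_dirs(conf):
    """Distinct temp directories named by the pool config."""
    return sorted({conf[k] for k in TMP_KEYS if k in conf})


def group_mismatches(conf, group_of=None):
    """Return [(dir, actual_group)] where the dir's group is not the pool group."""
    # Default lookup stats the real directory; tests can inject a mapping.
    group_of = group_of or (lambda p: grp.getgrgid(os.stat(p).st_gid).gr_name)
    return [(d, group_of(d)) for d in upload_dirs(conf) if group_of(d) != conf["group"]]


if __name__ == "__main__":
    conf = parse_pool(SAMPLE)["mywebsite"]
    # Group taken from the `tmp/` line of the ls output in the thread (path assumed).
    listing = {"/home/mywebsite/tmp": "mywebsite"}
    for path, actual in group_mismatches(conf, listing.get):
        print(f"{path}: group {actual}, pool group {conf['group']}")
```

On the jail itself, call `group_mismatches(conf)` without the second argument so the directories are checked with a real stat().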
 