

nginx + php-fpm running with permissions of different users




Posted by stexine, 08-23-2013, 04:02 AM
There are many tutorials on the web about running php-fpm pools with different users. For a shared host, I think there is some security issue with this setting. For example, we have user1 and user2. In php-fpm, pool 127.0.0.1:9001 runs as user1 and 127.0.0.1:9002 runs as user2. If user1 writes a PHP program that opens 127.0.0.1:9002 and sends some PHP script to that php-fpm, guess what happens? Can user1 change any files owned by user2? What is the solution to this problem? Thank you all!

Posted by avibodha, 11-28-2013, 02:17 AM
user1 can only send a path to :9002, not code. And the file on the path will only execute if owned by user2. So user1 would need to create a file owned by user2 in order to execute it.

Posted by raffo, 11-28-2013, 08:22 PM
Both users can execute any PHP script on the pool of other users. But only the owner, if chmod is lower than 755, can write code using non-owner pool. If you use php-fpm, please use the chroot and chdir functions to put the users in different jails, so they can't read, execute and write any files of other users. Anyway, user1 will run the fpm pool of user2 ONLY if on nginx there is a pass_fcgi or an upstream directive that uses the pool of user2. So this will only be a bug in the vhost configuration.
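
The last reply recommends a separate `chroot`/`chdir` jail per pool. The following check is an added example, not part of any post in this thread: it reads php-fpm pool definitions and reports pools that have no jail or that share one with another pool. The function name `audit_pools`, the pool names and the paths are assumptions made up for the illustration.

```python
import configparser

# Constructed sample pool file (not from the thread): user1 is jailed as the
# reply suggests, user2 is left with php-fpm defaults.
SAMPLE_POOLS = """
[user1]
user = user1
group = user1
listen = 127.0.0.1:9001
chroot = /home/user1
chdir = /htdocs

[user2]
user = user2
group = user2
listen = 127.0.0.1:9002
"""

def audit_pools(text):
    """Return {pool: [findings]} for pools missing a per-user chroot/chdir jail."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep keys such as php_admin_value[...] untouched
    cp.read_string(text)
    findings, seen_roots = {}, {}
    for pool in cp.sections():
        if pool == "global":  # php-fpm's [global] section is not a pool
            continue
        conf, issues = cp[pool], []
        # "chroot = /" is no jail at all, so it normalises to empty here
        root = conf.get("chroot", "").rstrip("/")
        if not root:
            issues.append("no chroot: workers see the whole filesystem")
        elif root in seen_roots:
            issues.append(f"chroot shared with pool {seen_roots[root]}")
        else:
            seen_roots[root] = pool
        if not conf.get("chdir"):
            issues.append("no chdir set")
        if issues:
            findings[pool] = issues
    return findings

if __name__ == "__main__":
    for pool, issues in audit_pools(SAMPLE_POOLS).items():
        for issue in issues:
            print(f"[{pool}] {issue}")
```
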


