I have long standing continual permissions issues with my setup, Nginx-Mainline, PHP-FPM, & Github.
Firstly, can someone be kind enough to paste some data from their default conf files here for me to compare to my setup.
###############################################
From:
www.conf
/usr/share/defaults/php/php-fpm.d/www.conf
Paste full section:
; Unix user/group of processes
user = ???
group = ???
Paste full section:
; Set permissions for unix socket,
; mode is set to ???
;listen.owner = ???
;listen.group = ???
;listen.mode = ???
###############################################
nginx.conf.example
/usr/share/nginx-mainline/conf/nginx.conf.example
Does the top line or is there a line anywhere for:
user ?????;
###############################################
At this point trying to establish Clear Linux’s default Nginx-Mainline worker process user (is it nobody or httpd)
and
php-fpm (is user nobody or httpd and the group is it nobody or httpd)
One point to ask is, since Clear Linux doesn’t have Apache bundle, why is there a httpd user on the system if Nginx defaults to user nobody? Maybe some other bundle created user httpd?
Then can try move on to other complications as I have insurmountable permissions confusion concerning owner:group file/dir mode on my system.
I have system level user account development with ssh, sftp access.
I have system level group httpDEV
Group httpDEV has users httpd & development
I have a directory postAdsMedia it is used by Symfony Web App to allow users to Create an Ad with ability to upload Images & Video. A PDF invoice is created and saved to disk when the user finalises the posting process.
/var/www/http/websitedomain/public/postAdsMedia
subdirectories created for media:
-userId
-invoices
-thumbnail
etc
Since nginx-mainline my php www.conf has user httpd defined, the media directories are owner:group httpd:httpd both have rwx mode.
If postAdsMedia owner and group is anything other than httpd including if the group is httpDev (which user httpd is apart of) I get permissions error and cannot write to the directories.
I cannot fathom why if the user httpd (php-fpm & nginx worker) is in the group httpDev which has rwx mode why it doesn’t have write access.
Such as if postAdsMedia where development:httpDEV both rwx.
development & httpd users are in httpDEV group.
Maybe I need set owner to development and add user httpd to group development, but I struggle to come up with reason why this would work.
It leads me to think there’s some other phantom user maybe nobody interfering, since nobody is not in group httpDEV (hence one requesting default nginx/php conf users info, maybe I need consider reset all user back to nobody.
The other complications involve Git push/merging.
Local user account is development and is the Git account.
Every Git push/merge keeps changing the owner:group of every file/dir it touches from httpd:httpDEV to development:development.
There are no users assigned to group development and so after a Git it breaks many areas of my site and I have to change owner of everything back to httpd:httpDEV, royally annoying.
When it comes to directories, it’s generally acknowledged that mode 755 is acceptable but files, is not so clear cut. I see no apparent reason for Public to have read or write or execute on any php file, script php code file or Symfony packages. For these I seem to expect 644 user rw, group r, public.
Maybe 660 rw for both owner:group is the maximum mode needed, but ask the question and a get a million different answers. I don’t see reason for php user to write to any file, read yes, execute I see no reason either.
I prefer avoid an extermination strategy, that is, set php/nginx user to account user development and set all file/dir to development:development.