Why does php-fpm ignore permissions defined for additional groups?

I have a user on my Linux machine ("php") that is a member of two groups. The main group is php, and the secondary group is www.

I have a directory on my Linux machine (/home/www/public/wp-content/uploads) whose user is www, whose group is www, and whose permissions are set to 775.

I expect that a process running as the php user should be able to read and write files in this directory. If I run a script from the command line that fopens a file in this directory as the php user, it works fine!

However, if I run php-fpm with the user "php" and the group "php", when I try to write to this directory, I get an "access denied" error.

I expect the php-fpm process will still be able to write to this directory, since it works as a php user who is part of the www group that owns the directory. But I get a "permission denied".

Why is the behavior of php-fpm different from the behavior of php script?

(I restarted php-fpm after adding the second group, so this is not a staleness issue.)

+4
2 answers

, php-fpm setgid : https://github.com/php/php-src/blob/master/sapi/fpm/fpm/fpm_unix.c#L383-L386

        if (0 > setgid(wp->set_gid)) {
            zlog(ZLOG_SYSERROR, "[pool %s] failed to setgid(%d)", wp->config->name, wp->set_gid);
            return -1;
        }

, setgid, SOL.

+4
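
An added example, not part of the original answers or of php-src: a small C diagnostic that compares the groups the account database lists for the current user (`getgrouplist`) with the groups the running process actually holds (`getegid`, `getgroups`). A process whose credentials were set with `setgid` alone shows the secondary groups as missing. The helper names are hypothetical.

```c
/* Added example: database group membership vs. process credentials. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Group access is granted only through the process's effective GID (fsgid on
 * Linux, normally identical) or its supplementary list; the group database
 * is not consulted when a file is opened. */
static int process_has_group(gid_t want, gid_t egid, const gid_t *supp, int nsupp)
{
    if (want == egid)
        return 1;
    for (int i = 0; i < nsupp; i++)
        if (supp[i] == want)
            return 1;
    return 0;
}

/* Count the database groups that the process credentials do not carry. */
static int count_missing(const gid_t *db, int ndb, gid_t egid,
                         const gid_t *supp, int nsupp)
{
    int missing = 0;
    for (int i = 0; i < ndb; i++)
        if (!process_has_group(db[i], egid, supp, nsupp))
            missing++;
    return missing;
}

int main(void)
{
    gid_t db[64], supp[64];
    int ndb = 64, nsupp = getgroups(64, supp);
    struct passwd *pw = getpwuid(geteuid());

    if (pw == NULL || nsupp < 0 ||
        getgrouplist(pw->pw_name, pw->pw_gid, db, &ndb) < 0) {
        fprintf(stderr, "cannot read credentials or group database\n");
        return 1;
    }
    printf("%s: %d database group(s), %d missing from this process\n",
           pw->pw_name, ndb, count_missing(db, ndb, getegid(), supp, nsupp));
    return 0;
}
```

Run from a login shell as the php user, it reports nothing missing, because login tools load the supplementary groups before starting the shell.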

, fpm, conf : [php] group = php

+1

Source: https://habr.com/ru/post/1664352/

