I have a user on my Linux machine ("php") that is a member of two groups. The primary group is "php" and a supplementary group is "www".
I have a directory on my Linux machine (/home/www/public/wp-content/uploads) whose user is www, whose group is www, and whose permissions are set to 775.
I expect that a process running as the "php" user should be able to read and write files in that directory. If I run a script from the command line that fopen's a file in that directory as the "php" user, it works fine!
However, if I start php-fpm with user "php" and group "php", I get a "permission denied" error when trying to write to that directory.
I expect that the php-fpm process should still be able to write to that directory, since it's running as the "php" user, which is part of the "www" group that owns the directory. But I get "permission denied."
Why does the php-fpm behavior differ from the behavior from a php script?
(I restarted php-fpm after I added the secondary group, so it's not a staleness issue.)
It looks like the php-fpm source code calls setgid here: https://github.com/php/php-src/blob/master/sapi/fpm/fpm/fpm_unix.c#L383-L386

    if (0 > setgid(wp->set_gid)) {
        zlog(ZLOG_SYSERROR, "[pool %s] failed to setgid(%d)", wp->config->name, wp->set_gid);
        return -1;
    }
As far as I am able to determine, a process cannot access permissions available to supplementary groups after it invokes setgid, so I'm SOL.
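One way to confirm which supplementary groups a running worker actually holds is to compare the "Groups:" line of /proc/PID/status with the groups the account is entitled to according to `id -G`. This is an added example, not code from the original post; the PID and user name are whatever the reader passes in, and the status-file layout is the one documented in proc(5).

```shell
#!/bin/sh
# Added example (not part of the original post). Compares the supplementary
# groups a process really has (kernel view in /proc/PID/status) with the
# groups its account is entitled to (`id -G USER`). A group that appears in
# `id -G` but not in the process is the symptom described in the question:
# the daemon changed its GID without also loading the user's group list.

# Print the numeric GIDs on the "Groups:" line of a /proc/PID/status file,
# one per line, sorted numerically. Takes a path so it works on a saved copy.
proc_groups() {
    awk '/^Groups:/ { for (i = 2; i <= NF; i++) print $i }' "$1" | sort -n
}

# Print every GID in list $2 that is absent from list $1.
# Both arguments are whitespace-separated numeric GIDs.
missing_gids() {
    have=$1
    want=$2
    for g in $want; do
        case " $have " in
            *" $g "*) ;;                  # present, nothing to report
            *) printf '%s\n' "$g" ;;      # entitled to it, but not holding it
        esac
    done
}

# Usage: check_worker PID USER
# Returns 0 when the process holds every group of USER, 1 otherwise.
check_worker() {
    pid=$1
    user=$2
    have=$(proc_groups "/proc/$pid/status" | tr '\n' ' ')
    want=$(id -G "$user")
    miss=$(missing_gids "$have" "$want")
    if [ -n "$miss" ]; then
        echo "pid $pid lacks these groups of $user: $miss" >&2
        return 1
    fi
    echo "pid $pid holds all groups of $user"
}
```

Run it against one php-fpm worker PID (for example `check_worker "$(pgrep -n php-fpm)" php`); if the www GID is reported missing while `id -G php` lists it, the process, not the filesystem, is where the permission is lost.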
Most likely you configured the fpm daemon poorly; you would need to specify the group in the conf file like this: [php] group=php