Forum: NGINX Multiple site with PHP-FPM home directory permission

Posted by unknown (Guest)
on 2013-01-11 09:07
(Received via mailing list)
Hi Guys!

I have an nginx server with multiple virtual hosted sites. Every site
runs with unique user permissions using PHP-FPM.
It's all fine, I see the user variable in the phpinfo page and I see the
right username.

However, I have a little problem.
Here is an example of what I have, then I'll write what the problem is.

In the /var/www directory I have all the site webroots, like:

domain.tld
domain1.tld

etc..

Every folder has the connected php-fpm user rights as owner and group,

so the domain.tld folder's user and group is domain.tld
and it has 0755 permission, so only the owner can write; group and everybody
else can just read.

I want to restrict this so that only the owner/group can enter this
directory, so I need the 0750 flag.
In that case the web site no longer loads; I see a 404 error and in the log
files a permission denied error.
Then I realized I need to give access to www-data too, because this
user tries to enter the main directory.
So I added www-data to the domain.tld group, but same problem. All I can get
is the permission denied.
If I set back the 0755 permission, so everybody can read/enter this
directory, it works again.

Is there any way to set a permission so that the web page works fine but
the directory is only accessible by the owner and www-data and root?

Thx for the help!
Peter
Posted by Steve Holdoway (Guest)
on 2013-01-11 10:28
(Received via mailing list)
On 11/01/13 21:07, peter@donka.hu wrote:
> in the /var/www directory i have all site webroot like:
> else just read.
> directory it will working again.
>
> Is there any way to set a permission that the web page working fine but
> the directory only accessible by the owner and www-data and root?
>
> Thx for the help!
> Peter
>
chgrp -R www-data .
find . -type d -print0 | xargs -0 chmod 2750

will provide and future proof read access to the web server.  I assume
there is a dedicated php-fpm process for each site, running as the
appropriate owner.
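
Added example, not part of either post: shell functions that apply the layout from the reply above to one site root and then audit it, showing that setgid passes the group on to directories created later but not the 0750 mode. The function names, the `/var/www/domain.tld` path in the comments, and the use of the caller's own gid in place of `www-data` inside `demo` are assumptions.

```shell
#!/bin/sh
# Added example: harden one site root as in the reply, then audit it.
# Real use (as root): harden_site /var/www/domain.tld www-data

# Group = web server group; every directory rwx owner, r-x group,
# nothing for others, setgid so new entries inherit the group.
harden_site() {
    site=$1; group=$2
    chgrp -R "$group" "$site" || return 1
    # -exec ... {} + is safe for directory names containing spaces.
    find "$site" -type d -exec chmod 2750 {} +
}

# Print every directory that deviates from that layout: wrong group,
# any permission bit set for "others", or setgid missing.
audit_site() {
    site=$1; group=$2
    find "$site" -type d \( ! -group "$group" \
        -o -perm -001 -o -perm -002 -o -perm -004 \
        -o ! -perm -2000 \) -print
}

# Constructed sample tree in a temp directory; needs no root because the
# caller's own gid stands in for www-data.
demo() {
    root=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir -p "$root/domain.tld/public html/img"
    chmod 0755 "$root/domain.tld"
    echo "before hardening:"; audit_site "$root/domain.tld" "$gid"
    harden_site "$root/domain.tld" "$gid"
    echo "after hardening (expect nothing):"; audit_site "$root/domain.tld" "$gid"
    # A directory made later inherits group and setgid, but its mode
    # comes from the creator's umask, so it is world-readable again.
    ( umask 022; mkdir "$root/domain.tld/uploads" )
    echo "after a later mkdir with umask 022:"; audit_site "$root/domain.tld" "$gid"
    rm -rf "$root"
}

demo
```

Running `audit_site` from cron over each webroot catches directories that PHP or a deploy tool created with a permissive umask after the one-off `chmod`.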