Is it possible to run a shared php-pool while keeping security?

I’m trying to configure my first VPS using nginx and php-fpm. I’ve set it up
and everything is working well, but I’ve realized that for every user
created there is a separate php-fpm pool which takes about 30 MB of memory
even when idling. It wouldn’t be a big problem on a huge machine, but I’m
trying to do this in a 128 MB lowendbox, so it’s not really nice.

I’ve asked in a thread on lowendbox, and received a lot of help in this
thread, but I’m still confused:

Can you tell me some general guidelines how would it be possible to both
have a secure setup and one that runs on low memory servers? Or it’s not
possible? What I’d like to do is very simple:

  1. Have users separated, having separate accounts, scp access, etc.
  2. Only have a single php-pool for all of them, not for each one of them.

Is it possible to do it in a secure way? I mean I figured out that I can run
the shared pool with a group-user, but then ‘alice’ can write a php script
to list ‘bob’s’ files. Is there any better solution? How is it done in
proper shared hosting, do they physically reserve at 64 MB RAM for each
user?

Posted at Nginx Forum:

You shall try php-fpm with ondemand pools, PHP 5.4 supports this directive,
having a shared pool for different users is not secure.

Posted at Nginx Forum:
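An added example, not part of the original thread or of php-fpm itself: a small Python audit of pool definitions that checks the two points made above, that every hosted account has its own pool running as its own UNIX user, and that pools use pm = ondemand so idle accounts hold no workers. The pool names, account names and socket paths in the sample are constructed for illustration.

```python
import configparser
from collections import defaultdict

# Constructed sample pool definitions (names and paths are hypothetical).
SAMPLE_POOLS = """
[shared]
user = www-data
listen = /run/php-fpm/shared.sock
pm = dynamic

[alice]
user = alice
listen = /run/php-fpm/alice.sock
pm = ondemand
pm.max_children = 2
pm.process_idle_timeout = 10s

[bob]
; copy-paste mistake: bob's pool still runs as alice
user = alice
listen = /run/php-fpm/bob.sock
pm = ondemand
pm.max_children = 2
"""

def audit_pools(text, accounts):
    """Return sorted (name, finding) tuples for php-fpm pool config text."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    findings, owners = [], defaultdict(list)
    for pool in cfg.sections():
        if pool == "global":          # php-fpm's global section is not a pool
            continue
        user = cfg[pool].get("user", "")
        owners[user].append(pool)
        if user not in accounts:
            findings.append((pool, f"runs as '{user}', which is not a hosted account"))
        if cfg[pool].get("pm") != "ondemand":
            findings.append((pool, "pm is not ondemand, workers stay resident while idle"))
    for user, pools in owners.items():
        if len(pools) > 1:            # same UNIX user means no file isolation
            findings += [(p, f"user '{user}' is shared with another pool") for p in pools]
    for account in sorted(set(accounts) - set(owners)):
        findings.append((account, "account has no pool of its own"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_pools(SAMPLE_POOLS, ["alice", "bob"]):
        print(f"{name}: {finding}")
```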

Thank you for your reply. I’ve set ondemand and pm.start_servers = 0. Now it
works perfectly, but there is a slight delay while the first process starts.
I mean it could be an issue for rarely accessed sites, where the visitors
always have to wait for the php process to start.

Do I feel it right? Is ondemand really slower compared to dynamic for the
first visitor?

Posted at Nginx Forum:

It will need to spawn the pool, if you’re on an ultra-cheap-ultra-low-powered
VPS, this can be slow, because of slow CPU, low RAM and very small disk
cache portion which belongs to your VPS, on a dedicated machine with 2 GB
RAM I don’t notice any delays with spawning fpm pools on demand. Anyway I
don’t see many options for you with 128 Megs, even better configs can be
slow, depending on the VPS provider and hypervisor they use.

Additional suggestion to you - remove PHP extensions which are not needed

extension=hash.so
extension=session.so
extension=dom.so
extension=xml.so
extension=mysql.so
extension=mbstring.so
extension=zlib.so
extension=gd.so
extension=curl.so
extension=json.so
;extension=bcmath.so
extension=exif.so
extension=mcrypt.so
extension=simplexml.so
;extension=pdo_mysql.so
extension=sysvmsg.so
extension=tokenizer.so
extension=ctype.so
extension=mysqli.so
extension=iconv.so
extension=gmp.so
extension=openssl.so
extension=gettext.so
extension=zip.so

anything except that list is most likely just hogging your RAM )

Make sure to install a PHP opcode cache (not less than 32M), it will hog its
own piece of RAM but will decrease RAM consumption for processing scripts,
i.e. WordPress 28 Mb to 4 Mb, eAccelerator still can swap to disk
precompiled scripts, therefore (at my look) it will be the best choice (you
will need master branch from Git for PHP 5.4)

Posted at Nginx Forum: