I don't know if Ben forwarded my feedback internally, so I'm replying now. In my opinion using php or the current apache user doesn't make much of a difference tbh, I don't see any advantage of using a new user except to be different. When we setup Nginx+php-fpm we set them to run as same users, which is the reason why the user in Fedora packages is apache, because they want to run Apache and php-fpm with same users.
My biggest issue with php54/55u packages is that by default, besides setting the owner of the /var/log/php-fpm directory to apache:apache, they also set the permissions to 770. This is frustrating since if you configure different permissions for that directory (e.g. 755 or whatever) every time you update php-fpm it overwrites them to 770. I don't understand the reasoning behind this, since if an admin wants to allow everyone (or to restrict it even more) to read this directory it should be possible. I mentioned this in the bug that was linked in the thread. Regards, Strahinja Sounds good. I hadn’t realized that it wasn’t using sockets by default, in which case having phpXXu-fpm create it’s own user would make the most sense. --- BJ Dierkes Data Folk Labs, LLC From: Carl George <[email protected]> <[email protected]> Reply: Carl George <[email protected]>> <[email protected]> Date: September 12, 2014 at 9:43:34 AM To: [email protected] <[email protected]>> <[email protected]> Subject: Re: [Ius-community] RFC IUS php 5.6 FPM I think the best solution is to just use a dedicated php-fpm user. The default configuration is to listen on a tcp port, so the user doesn't matter. If you change the config to use a unix socket, then just add the webserver user to the php-fpm group. Advantages: * works out of the box * easy to maintain * simple to explain * package names don't diverge from the stock layout Disadvantages: * ? - Carl ________________________________________ From: Ius-community [ius-community-bounces+carl.george= [email protected]] on behalf of Ben Harper [ [email protected]] Sent: Tuesday, September 09, 2014 05:22 PM To: [email protected] Subject: Re: [Ius-community] RFC IUS php 5.6 FPM On 09/08/2014 04:04 PM, Ben Harper wrote: > Greetings, > > The initial build of IUS php56u packages will be hitting the testing > repo tonight for Red Hat and CentOS 7. We would like some input on > how to handle the FPM package. Historically Red Hat and IUS packages > have taken approach that FPM would be used with Red Hat's default web > server, Apache. With the popularity of Nginx and other web servers, > we want to reevaluate this approach. > > Up until recently, the main php package (php54 and php55u) required > Apache for mod_php and the php FPM logs were owned by the apache > user. Since both php54 and php55u had been in the stable repos for > some time, we were very cautious about making changes. We removed the > requirement for Apache, but kept the logs owned by the apache user[0]. > > Seeing that php56u is a brand new package, we can afford to completely > rethink how we handle php FPM. We could follow Red Hat lead and > assume FPM will be used with Apache. We could also do what we did > with php53u and php54. Another option would be not to require Apache > and have the logs owned by a new user like http, php, php-fpm or some > other user. Are there other ideas we should consider? > > Thanks, > Ben and the rest of the IUS covedev team > > [0] https://bugs.launchpad.net/ius/+bug/1312972 > > _______________________________________________ > Mailing list: https://launchpad.net/~ius-community > Post to : [email protected] > Unsubscribe : https://launchpad.net/~ius-community > More help : https://help.launchpad.net/ListHelp BJ had an interesting idea in #iuscommunity. His idea was to have a dedicate package for FPM and Nginx, something like php56u-fpm-nginx. The php56u and php56u-fpm would continue to use Apache, while the php56u-fpm-nginx would be set up to work with Ngnix. I think this idea is worthy of consideration. -Ben _______________________________________________ Mailing list: https://launchpad.net/~ius-community Post to : [email protected] Unsubscribe : https://launchpad.net/~ius-community More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~ius-community Post to : [email protected] Unsubscribe : https://launchpad.net/~ius-community More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~ius-community Post to : [email protected] Unsubscribe : https://launchpad.net/~ius-community More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~ius-community Post to : [email protected] Unsubscribe : https://launchpad.net/~ius-community More help : https://help.launchpad.net/ListHelp
