Hello,

I am researching a set-up of PHP-FPM (PHP 5.3.3, CentOS Base packages) +
Zend OPCache (7.0.3)  (Zend Optimizer +)

The set-up is intended for shared hosting, so every user runs with
different FPM pool and the PHP scripts are executed with their own user.

What I see is that the OPCache keeps a shared cache for all pools together
and I am also able to see all the cached files executing ocp.php or
opcache.php via any user. I also see that when the PHP-FPM server makes a
graceful restart (reload) the cache is flushed. So, I have a few
questions/considerations here:

- If different pools/users can see each other's cached files, are they also
able to read them? If yes, this means such a setup (php-fpm + opcache) cannot
be used in any shared environment, as this is a big security leak (passwords
are hardcoded in a configuration.php file on most platforms and they can be
stolen in this way). If they are not able to read other users' files but
only list them - this is still a kind of security hole, as I will be able to
tell what exactly each user is running. Not good. Is there a way to avoid
that? Probably the cache should be shared between the processes in a pool
but not between the pools.

- Can we keep the cache upon a graceful restart of the PHP-FPM? This will
avoid a huge resource spike upon restarts.

Thanks a lot for sharing! Greatly appreciated!
