On 12/18/2014 03:05 AM, Georgi Petrov wrote:
> - If different pools/users can see each other's cached files are they also
> able to read them? If yes, this means such setup (php-fpm + opcache) cannot
> be used in any shared environment as this is a big security leak (passwords
> are hardcoded in a configuration.php file on most platforms and they can be
> stolen in this way). If they are not able to read other users' files but
> only list them - this is still kind of security hole as I will be able to
> tell what exactly is each user running. Not good. Is there a way to avoid
> that? Probably the cache should be shared between the processes in a pool
> but not between the pools.

This is what the opcache.restrict_api setting is for. It will prevent
scripts from seeing files in the cache. And no, you won't be able to
read the scripts themselves either.

> - Can we keep the cache upon a graceful restart of the PHP-FPM? This will
> avoid a huge resource spike upon restarts.

Nope, we don't want to disconnect the shared memory segment from the
process that owns it because that causes all sorts of opportunities for
leaking ipc segments. You would need to manually ipcrm the segment then
to prevent the box from falling over. Way too brittle.

PHP+Opcache gets up to speed quickly after a cache reset. If you are
really worried about this on a high-traffic site, tell your load
balancer to ramp up slowly after a restart, or pull the machine
completely and run a cache-warming script before you tell your LB to
send traffic again.

-Rasmus
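
A check that can be served from inside each pool to confirm that the opcache.restrict_api setting mentioned above is taking effect there. This is an added example, not part of the original message; the function name `opcache_exposure` and the document-root path are hypothetical.

```php
<?php
// Added example: report whether this pool's scripts can enumerate the shared OPcache.
declare(strict_types=1);

/**
 * @param string $ownRoot this pool's own document root (assumed, hypothetical path)
 * @return array{state: string, foreign: int}
 */
function opcache_exposure(string $ownRoot): array
{
    if (!function_exists('opcache_get_status')) {
        return ['state' => 'opcache-not-loaded', 'foreign' => 0];
    }

    // When restrict_api excludes the calling script's path, the API raises a
    // warning and returns false. It also returns false when OPcache is not
    // running, so check opcache.enable separately if this state is unexpected.
    $status = @opcache_get_status(true);
    if ($status === false) {
        return ['state' => 'no-access', 'foreign' => 0];
    }

    // The API answered: count cached scripts that live outside our own tree.
    // Only a count is reported, never the paths themselves.
    $prefix  = rtrim($ownRoot, '/') . '/';
    $foreign = 0;
    foreach (array_keys($status['scripts'] ?? []) as $path) {
        if (strncmp((string) $path, $prefix, strlen($prefix)) !== 0) {
            $foreign++;
        }
    }

    return ['state' => 'exposed', 'foreign' => $foreign];
}

$result = opcache_exposure('/srv/www/example-tenant/public'); // hypothetical root
header('Content-Type: text/plain');
printf(
    "restrict_api=%s state=%s foreign_scripts=%d\n",
    var_export(ini_get('opcache.restrict_api'), true),
    $result['state'],
    $result['foreign']
);
```

A result of `state=exposed` with a non-zero `foreign_scripts` count means the pool can list other users' cached files and the restriction is not in force for that script path.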

