← Back to team overview

ius-community team mailing list archive

Re: RFC IUS php 5.6 FPM

 

I don't know if Ben forwarded my feedback internally, so I'm replying now.
In my opinion using php or the current apache user doesn't make much of a
difference tbh, I don't see any advantage of using a new user except to be
different. When we setup Nginx+php-fpm we set them to run as same users,
which is the reason why the user in Fedora packages is apache, because they
want to run Apache and php-fpm with same users.

My biggest issue with php54/55u packages is that by default, besides
setting the owner of the /var/log/php-fpm directory to apache:apache, they
also set the permissions to 770. This is frustrating since if you configure
different permissions for that directory (e.g. 755 or whatever) every time
you update php-fpm it overwrites them to 770. I don't understand the
reasoning behind this, since if an admin wants to allow everyone (or to
restrict it even more) to read this directory it should be possible. I
mentioned this in the bug that was linked in the thread.

Regards,
Strahinja
Sounds good.  I hadn’t realized that it wasn’t using sockets by default, in
which case having phpXXu-fpm create it’s own user would make the most sense.

---
BJ Dierkes
Data Folk Labs, LLC

From: Carl George <carl.george@xxxxxxxxxxxxx> <carl.george@xxxxxxxxxxxxx>
Reply: Carl George <carl.george@xxxxxxxxxxxxx>> <carl.george@xxxxxxxxxxxxx>
Date: September 12, 2014 at 9:43:34 AM
To: ius-community@xxxxxxxxxxxxxxxxxxx <ius-community@xxxxxxxxxxxxxxxxxxx>>
<ius-community@xxxxxxxxxxxxxxxxxxx>
Subject:  Re: [Ius-community] RFC IUS php 5.6 FPM

I think the best solution is to just use a dedicated php-fpm user. The
default configuration is to listen on a tcp port, so the user doesn't
matter. If you change the config to use a unix socket, then just add the
webserver user to the php-fpm group.

Advantages:
* works out of the box
* easy to maintain
* simple to explain
* package names don't diverge from the stock layout

Disadvantages:
* ?

- Carl

________________________________________
From: Ius-community [ius-community-bounces+carl.george=
rackspace.com@xxxxxxxxxxxxxxxxxxx] on behalf of Ben Harper [
ben.harper@xxxxxxxxxxxxx]
Sent: Tuesday, September 09, 2014 05:22 PM
To: ius-community@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Ius-community] RFC IUS php 5.6 FPM

On 09/08/2014 04:04 PM, Ben Harper wrote:
> Greetings,
>
> The initial build of IUS php56u packages will be hitting the testing
> repo tonight for Red Hat and CentOS 7. We would like some input on
> how to handle the FPM package. Historically Red Hat and IUS packages
> have taken approach that FPM would be used with Red Hat's default web
> server, Apache. With the popularity of Nginx and other web servers,
> we want to reevaluate this approach.
>
> Up until recently, the main php package (php54 and php55u) required
> Apache for mod_php and the php FPM logs were owned by the apache
> user. Since both php54 and php55u had been in the stable repos for
> some time, we were very cautious about making changes. We removed the
> requirement for Apache, but kept the logs owned by the apache user[0].
>
> Seeing that php56u is a brand new package, we can afford to completely
> rethink how we handle php FPM. We could follow Red Hat lead and
> assume FPM will be used with Apache. We could also do what we did
> with php53u and php54. Another option would be not to require Apache
> and have the logs owned by a new user like http, php, php-fpm or some
> other user. Are there other ideas we should consider?
>
> Thanks,
> Ben and the rest of the IUS covedev team
>
> [0] https://bugs.launchpad.net/ius/+bug/1312972
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ius-community
> Post to : ius-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ius-community
> More help : https://help.launchpad.net/ListHelp

BJ had an interesting idea in #iuscommunity. His idea was to have a
dedicate package for FPM and Nginx, something like php56u-fpm-nginx.
The php56u and php56u-fpm would continue to use Apache, while the
php56u-fpm-nginx would be set up to work with Ngnix. I think this idea
is worthy of consideration.

-Ben

_______________________________________________
Mailing list: https://launchpad.net/~ius-community
Post to : ius-community@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ius-community
More help : https://help.launchpad.net/ListHelp

_______________________________________________
Mailing list: https://launchpad.net/~ius-community
Post to : ius-community@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ius-community
More help : https://help.launchpad.net/ListHelp


_______________________________________________
Mailing list: https://launchpad.net/~ius-community
Post to     : ius-community@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~ius-community
More help   : https://help.launchpad.net/ListHelp

Follow ups

References