ius-community team mailing list archive

[Ben Harper <ben.harper@xxxxxxxxxxxxx>]

Thanks to everyone who proved feedback on this thread and through other 
channels.  Most of the ideas fell into two buckets, web server specific 
or web server generic.  At this time, we feel that leave any web server 
configuration out of our php56u-fpm package is best approach.  Updated 
packages will be hitting the testing repos tonight.

It is important to note, using anything but Apache and mod_php may cause 
issues with php application RPMs that are excepting the stock EL 
approach.    They might want to add some Apache configuration files for 
example.  Off the top of my head, I can't name a RPM that does this, but 
I would not be surprised if there are plenty out there.

Please let us know if you run into any issues with these updated packages.


-Ben


On 09/12/2014 11:06 AM, Strahinja Kustudic wrote:
> I don't know if Ben forwarded my feedback internally, so I'm replying 
> now. In my opinion using php or the current apache user doesn't make 
> much of a difference tbh, I don't see any advantage of using a new 
> user except to be different. When we setup Nginx+php-fpm we set them 
> to run as same users, which is the reason why the user in Fedora 
> packages is apache, because they want to run Apache and php-fpm with 
> same users.
>
> My biggest issue with php54/55u packages is that by default, besides 
> setting the owner of the /var/log/php-fpm directory to apache:apache, 
> they also set the permissions to 770. This is frustrating since if you 
> configure different permissions for that directory (e.g. 755 or 
> whatever) every time you update php-fpm it overwrites them to 770. I 
> don't understand the reasoning behind this, since if an admin wants to 
> allow everyone (or to restrict it even more) to read this directory it 
> should be possible. I mentioned this in the bug that was linked in the 
> thread.
>
> Regards,
> Strahinja
>
> Sounds good.  I hadn’t realized that it wasn’t using sockets by 
> default, in which case having phpXXu-fpm create it’s own user would 
> make the most sense.
>
> ---
> BJ Dierkes
> Data Folk Labs, LLC
>
> From: Carl George <carl.george@xxxxxxxxxxxxx> 
> <mailto:carl.george@xxxxxxxxxxxxx>
> Reply: Carl George <carl.george@xxxxxxxxxxxxx>> 
> <mailto:carl.george@xxxxxxxxxxxxx>
> Date: September 12, 2014 at 9:43:34 AM
> To: ius-community@xxxxxxxxxxxxxxxxxxx 
> <mailto:ius-community@xxxxxxxxxxxxxxxxxxx> 
> <ius-community@xxxxxxxxxxxxxxxxxxx>> 
> <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Ius-community] RFC IUS php 5.6 FPM
>
> > I think the best solution is to just use a dedicated php-fpm user. 
> > The default configuration is to listen on a tcp port, so the user 
> > doesn't matter. If you change the config to use a unix socket, then 
> > just add the webserver user to the php-fpm group.
> >
> > Advantages:
> > * works out of the box
> > * easy to maintain
> > * simple to explain
> > * package names don't diverge from the stock layout
> >
> > Disadvantages:
> > * ?
> >
> > - Carl
> >
> > ________________________________________
> > From: Ius-community 
> > [ius-community-bounces+carl.george=rackspace.com@xxxxxxxxxxxxxxxxxxx 
> > <mailto:rackspace.com@xxxxxxxxxxxxxxxxxxx>] on behalf of Ben Harper 
> > [ben.harper@xxxxxxxxxxxxx <mailto:ben.harper@xxxxxxxxxxxxx>]
> > Sent: Tuesday, September 09, 2014 05:22 PM
> > To: ius-community@xxxxxxxxxxxxxxxxxxx 
> > <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> > Subject: Re: [Ius-community] RFC IUS php 5.6 FPM
> >
> > On 09/08/2014 04:04 PM, Ben Harper wrote:
> > > Greetings,
> > >
> > > The initial build of IUS php56u packages will be hitting the testing
> > > repo tonight for Red Hat and CentOS 7. We would like some input on
> > > how to handle the FPM package. Historically Red Hat and IUS packages
> > > have taken approach that FPM would be used with Red Hat's default web
> > > server, Apache. With the popularity of Nginx and other web servers,
> > > we want to reevaluate this approach.
> > >
> > > Up until recently, the main php package (php54 and php55u) required
> > > Apache for mod_php and the php FPM logs were owned by the apache
> > > user. Since both php54 and php55u had been in the stable repos for
> > > some time, we were very cautious about making changes. We removed the
> > > requirement for Apache, but kept the logs owned by the apache user[0].
> > >
> > > Seeing that php56u is a brand new package, we can afford to completely
> > > rethink how we handle php FPM. We could follow Red Hat lead and
> > > assume FPM will be used with Apache. We could also do what we did
> > > with php53u and php54. Another option would be not to require Apache
> > > and have the logs owned by a new user like http, php, php-fpm or some
> > > other user. Are there other ideas we should consider?
> > >
> > > Thanks,
> > > Ben and the rest of the IUS covedev team
> > >
> > > [0] https://bugs.launchpad.net/ius/+bug/1312972
> > >
> > > _______________________________________________
> > > Mailing list: https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > > Post to : ius-community@xxxxxxxxxxxxxxxxxxx 
> > <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> > > Unsubscribe : https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > > More help : https://help.launchpad.net/ListHelp
> >
> > BJ had an interesting idea in #iuscommunity. His idea was to have a
> > dedicate package for FPM and Nginx, something like php56u-fpm-nginx.
> > The php56u and php56u-fpm would continue to use Apache, while the
> > php56u-fpm-nginx would be set up to work with Ngnix. I think this idea
> > is worthy of consideration.
> >
> > -Ben
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > Post to : ius-community@xxxxxxxxxxxxxxxxxxx 
> > <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> > Unsubscribe : https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > More help : https://help.launchpad.net/ListHelp
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > Post to : ius-community@xxxxxxxxxxxxxxxxxxx 
> > <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> > Unsubscribe : https://launchpad.net/~ius-community 
> > <https://launchpad.net/%7Eius-community>
> > More help : https://help.launchpad.net/ListHelp
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ius-community 
> <https://launchpad.net/%7Eius-community>
> Post to     : ius-community@xxxxxxxxxxxxxxxxxxx 
> <mailto:ius-community@xxxxxxxxxxxxxxxxxxx>
> Unsubscribe : https://launchpad.net/~ius-community 
> <https://launchpad.net/%7Eius-community>
> More help   : https://help.launchpad.net/ListHelp
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ius-community
> Post to     : ius-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ius-community
> More help   : https://help.launchpad.net/ListHelp