← Back to team overview

ius-coredev team mailing list archive

  1. ius-coredev team
  2. Mailing list archive
  3. Message #03812

[Bug 1312972] Re: php54-fpm "warning: user apache does not exist - using root"

  Thread PreviousDate PreviousThread Next 
You are correct, all the logging is done by root, so it would be a lot
better to remove the %attr macro and leave that directory to default, or
whatever is later set by the system admin.

The problem is that in /etc/php-fpm.d/www.conf at the end of the file
php error_log is set to that same directory:

php_admin_value[error_log] = /var/log/php-fpm/www-error.log

and this logging is done by the php-fpm worker processes, which are run
by a none root user (this is set to apache in www.conf), which is
probably the reason why the owner of /var/log/php-fpm/ is set to apache.
So this is a problem.

Why is 'php_admin_value[error_log]' even set in www.conf by default? It
would probably be easier to comment that and add a comment that the
directory should belong to the process user.

Also why are any 'php_(admin_)value' even set, why not leave those to
the admin to decide in either php.ini, or wherever. I'm especially
talking about setting session handler and path:

; Set session path to a directory owned by process user
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

Anyway, I would recommend to comment all 'php_(admin_)value' and even
change the error_log to a different directory like /var/log/php/www-
error.log, since those are not php-fpm errors, but actually php errors.
I would set the file like this:

;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@xxxxxxxxxxxxx
;php_flag[display_errors] = off
; Set error_log directory to a path owned by process user
;php_admin_value[error_log] = /var/log/php/www-error.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M

; Set session path to a directory owned by process user
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session

-- 
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/1312972

Title:
  php54-fpm "warning: user apache does not exist - using root"

Status in IUS Community Project:
  In Progress

Bug description:
  If you install/upgrade php54-fpm and Apache is not installed (which is
  usually the case if you are using Nginx), the php54-fpm prints this
  warning:

  "warning: user apache does not exist - using root"

  What I noticed is that this sets the owner of /var/log/php-fpm
  directory to owner root and 770 mode:

  $ ls -ld /var/log/php-fpm/
  drwxrwx---. 2 root root 4096 Apr  4 15:58 /var/log/php-fpm/

  
  This is a problem because php-fpm cannot write anything into that directory because of this. And the biggest problem is that if you set permissions and owner to the user which runs php-fpm (which is nginx in my case) after the package is upgraded, it overwrites those permission again.

  This same thing happens with php55u-fpm.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/1312972/+subscriptions

References

  Thread PreviousDate PreviousThread Next