Ask Your Question
1

Permissions (on folders in /var/lib/php) changed after update.

asked 2017-09-19 13:24:51 -0500

nginxlover123 gravatar image

I run fedora server 26 with nginx (1.12.1) and my webserver needs access to /var/lib/php/opcache, /var/lib/php/sessions and /var/lib/php/wsdlcache. Whenever there is an update for php, the folder's permission are changed from root:nginx to root:apache. Is there a way for me to make it so that doesn't happen i.e. the permission stays root:nginx after any update to php?

Right now I use a script I execute after every php update, but I would look for a more permanent solution in some config file that manages the permissions or something in that manner.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-09-20 00:46:32 -0500

remi gravatar image

updated 2017-09-20 00:53:07 -0500

This is expected (for security reason).

If you change the user running the FPM pool (which is unneeded, "apache" is perfectly ok, and most packaged applications rely on this value), you also need to change the session directory.

In the pool configuration ( www.conf ), this is explained in the comment

; Set the following data paths to directories owned by the FPM process user.
;
; Do not change the ownership of existing system directories, if the process
; user does not have write permission, create dedicated directories for this
; purpose.
;
; See warning about choosing the location of these directories on your system
; at http://php.net/session.save-path
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
;php_value[opcache.file_cache]  = /var/lib/php/opcache

So, for example

php_value[session.save_path]    = /var/lib/php/nginx/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/nginx/wsdlcache

And if you have various pool, each running on a different user, each will need its directories.

edit flag offensive delete link more

Comments

Do you mean that, I have to create another file in /etc/php-fpm.d/ and mention a user & group owner, then create a folder in /var/lib/php/nginx which I have to copy /var/lib/php/session and /var/lib/php/wsdlcache into it?

jalal gravatar imagejalal ( 2019-01-01 11:05:48 -0500 )edit

No. You don't need to change anything.

remi gravatar imageremi ( 2019-01-03 23:48:27 -0500 )edit

Then I have to change the owner permission each time I get it updated.

jalal gravatar imagejalal ( 2019-01-04 01:30:12 -0500 )edit

As explained in my answer, and as documented, if you change the user, you have to change the directories used. BTW, why damn do you think you have to change the user ?

remi gravatar imageremi ( 2019-01-04 08:26:39 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2017-09-19 13:24:51 -0500

Seen: 571 times

Last updated: Sep 20 '17