Jump to content

Home directory for the user PHP is running under


NotionCommotion

Recommended Posts

Finally left Centos and gave Ubuntu a try.  Also, changed from apache to nginix. All went much easier than Centos but have one issue.

I wish to have a non-human user dedicated to each website which PHP will run under and postgresql will use.  I created my user but didn't provide a home directory (useradd -M abtfile).  My configuration is shown below and phpinfo shows abtfile as the user but /home/abtfile as the home.

I am now thinking I should have created a home for the user should keys or similar be needed for it, and think my options are:

  1. Home directory: /home/abtfile          Host site: /var/www/abtfile/public.   Doesn't seem right.
  2. Home directory: /home/abtfile          Host site: /home/abtfile/public.         Better but not sure.
  3. Home directory: /var/www/abtfile    Host site: /var/www/abtfile/public.    Likely but not sure.

Questions.

  1. Should abtfile user have a home directory?
  2. Which of my three options or some other approach should be used?
  3. Do I define the home directory location the same way as for any linux user or must it also be defined under some php or nginix config file?

Thanks!

PS.  Not having issues (yet), however, if you see any issues under my below configuration files, please let me know.

/etc/php/8.1/fpm/pool.d/abtfile.conf

[abtfile]
user = abtfile
group = abtfile

; Call whatever I want. Use ls -l /run/php/ to see existing sockets.
listen = /var/run/php8.1-fpm-abtfile.sock

; Must match to the user and group on which NGINX is running
listen.owner = www-data
listen.group = www-data

; Consider changing below valves.

; mandatory
pm = dynamic
pm.max_children = 5 
pm.min_spare_servers = 1
pm.max_spare_servers = 3

; Use default values.
; pm.start_servers = 2
; pm.max_spawn_rate = 32
; pm.process_idle_timeout = 10s

; Not sure if necessary or correct
; Allows to set custom php configuration values.
; php_admin_value[disable_functions] = exec,passthru,shell_exec,system
; Allows to set PHP boolean flags
; php_admin_flag[allow_url_fopen] = off

; Add environmental data if desired.
; env[HOSTNAME] = $HOSTNAME
; env[TMP] = /tmp


/etc/nginx/sites-available/abtfile

server {
    server_name abtfile.testing.com;
    listen 80;
    listen [::]:80;

    root /var/www/abtfile/public;
    index index.php index.html index.htm;

    access_log /var/log/nginx/abtfile-access.log;
    error_log /var/log/nginx/abtfile-error.log;

    location / {
            try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php8.1-fpm-abtfile.sock;
            fastcgi_split_path_info ^(.+\.php)(/.+)$; # What does this do?
            #fastcgi_index index.php;  # Causes error.  Maybe remove from above?
    }
}


/etc/nginx/php_fastcgi.conf 

try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_pass            unix:/run/php/php-fpm.sock;
fastcgi_index            index.php;
fastcgi_buffers            8 16k;
fastcgi_buffer_size        32k;
fastcgi_hide_header             X-Powered-By;
fastcgi_hide_header             X-CF-Powered-By;

 

Link to comment
Share on other sites

On a typical Debian/Ubuntu system, website stuff is at /var/www. There's nothing wrong with putting their home directories in there - tons of system accounts do things like that, just check /etc/passwd.

And make sure you've disabled logins for those users.

  • Great Answer 1
Link to comment
Share on other sites

5 hours ago, NotionCommotion said:

Seem like if a user doesn't have a home directory, php assumes it is at the typical /home/abtfile.

PHP doesn't assume something afaik.  useradd does though.  If you don't explicitly specify a home directory, it defaults to appending the username to the base directory, which is /home by default.

Quote

-d, --home HOME_DIR

The new user will be created using HOME_DIR as the value for the user's login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. The directory HOME_DIR does not have to exist but will not be created if it is missing.

And

Quote

-b, --base-dir BASE_DIR

The default base directory for the system if -d HOME_DIR is not specified. BASE_DIR is concatenated with the account name to define the home directory. If the -m option is not used, BASE_DIR must exist.

If this option is not specified, useradd will use the base directory specified by the HOME variable in /etc/default/useradd, or /home by default.

I'd probably go with option three if I were setting up a system with a separate user per site.  Makes the most sense to me.

For my personal setup where I host myself and a few friends I just created separate users for the different people I host then symlink their sites in /var/www in their normal home directory. Each user has their own PHP-FPM pool and all their sites use their pool.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.