
I have changed the user in the file /etc/php/7.3/fpm/pool.d/website-name.conf

user = ftplatinopeeyush
group = ftplatinopeeyush

Only those parameters were changed in that file. I didn't touch the following line.

listen = /var/run/user-name.sock

Why did I change these parameters?

I created an FTP user and changed the ownership of the web files to this user so I can upload files to the server, but then WordPress said that the files were not writable.

Now, after changing the user in the pool.d/website-name.conf file, I can upload files through FileZilla (with the FTP user) and also upload plugins via the WordPress dashboard.


Everything seems to be working just fine but could this affect something else on my site or on the Nginx server?

How can I create an FTP user that allows me to upload files to my server without having file permission issues in the future?

2 Answers


  1. By the way, it looks like this is about user permissions (files not owned by the FPM user). Please take a look at the config files of nginx & php-fpm (the current example uses nginx); the user is ftplatinopeeyush.

    CHECK

    1. Check your files / WordPress user permissions, make sure your WordPress user is ubuntu (you can check with ls -l), and make sure your files are placed in the user's home directory: /home/ftplatinopeeyush (or any home directory that is writable by the ftplatinopeeyush user)

    2. Go to /etc/nginx/nginx.conf
      and check the parameter user; please make sure the user is www-data

    Example:

    user www-data; # < this
    
    worker_processes auto;
    # ... next config
    
    3. Then go to /etc/php/7.3/fpm/pool.d/website-name.conf
      and check the configuration of:
    listen.owner = www-data
    listen.group = www-data
    
    4. (fpm) user & group (the user that owns the WordPress files)
    user=ftplatinopeeyush
    group=ftplatinopeeyush
    

    CASE

    1. fpm: listen.owner & listen.group should match nginx: user
    2. fpm: user & group should match the WordPress / root user.
    3. Permission: WordPress files placed in a directory that is writable by the user

    RESOLVE

    Before starting, please make sure you have super admin privileges (root user)

    1. Check your user's home directory:
    • command
    cat /etc/passwd | grep ftplatinopeeyush
    
    • output (where /home/ftplatinopeeyush is the home directory)

    NameOfUser:x:1234:1234:NameOfUser:/home/ftplatinopeeyush:

    2. Place your WordPress (document root) in your home directory. (e.g. /home/ftplatinopeeyush/pathtowordpress)

    3. Fix the owner

    chown -R ftplatinopeeyush:ftplatinopeeyush /home/ftplatinopeeyush/pathtowordpress
    
    4. Set the permissions (644 for files and 755 for directories)
    • set file permissions
    find /home/ftplatinopeeyush/pathtowordpress -type f -exec chmod 644 {} \;
    
    • set directory permissions
    find /home/ftplatinopeeyush/pathtowordpress -type d -exec chmod 755 {} \;
    
    5. Change your nginx user to www-data
    nano /etc/nginx/nginx.conf
    

    Change the variable user to www-data

    6. Change the configuration of /etc/php/7.3/fpm/pool.d/website-name.conf

    nano /etc/php/7.3/fpm/pool.d/website-name.conf
    

    Make sure the variables user & group are ftplatinopeeyush
    and the variables listen.owner & listen.group are www-data

    or example configuration:

    [[email protected]]
    
    ; Owner
    listen.owner = www-data
    listen.group = www-data
    listen.backlog = 1500
    
    
    ; User & group
    user = ftplatinopeeyush
    group = ftplatinopeeyush
    
    ; Listener: this will be placed at /run/php/[email protected]
    listen=/run/php/$pool.sock
    
    ; Process Manager
    pm = ondemand
    ; set max children
    pm.max_children = 20
    pm.start_servers = 5
    pm.min_spare_servers = 5
    pm.max_spare_servers = 10
    
    pm.process_idle_timeout = 10s
    
    
    ; FLAGS
    ;php_flag[display_errors] = off
    ;php_admin_value[memory_limit] = 128M
    
    7. Open the site's virtual host settings
    nano /path/to/virtualhost-of-wordpress.conf
    
    • point the root variable to /home/ftplatinopeeyush/pathtowordpress
    • find fastcgi_pass (php location block)
    location ~ \.php$ {
        # split path request
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # include default configuration nginx fastcgi_params
        include fastcgi_params;
        # environment php file name
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
    
        # try below to handle all 404 not found with script
        try_files $fastcgi_script_name =404;
    
        # listen for cgi param port / load balancer upstream
        # port for cgi params has followed of fast cgi config
        fastcgi_pass unix:/run/php/[email protected];
        # handle error
        fastcgi_intercept_errors off;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }
    
    8. Reload the php & nginx services.
    systemctl reload nginx.service
    
    systemctl reload php7.3-fpm.service
    
    9. Done
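The two configuration rules from the answer above (the socket's `listen.owner`/`listen.group` match the nginx `user`, and the pool runs as a separate account) can be checked without editing anything. This is an added example, not part of the answer; the function names `pool_value`, `nginx_user` and `check_pool` are illustrative, and it assumes the nginx group carries the same name as the nginx user.

```shell
#!/bin/sh
# Added example: read-only consistency check between nginx.conf and one
# PHP-FPM pool file. It parses only the directives discussed above.

# pool_value <pool.conf> <key>: print the value of "key = value" (last wins).
pool_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                          # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# nginx_user <nginx.conf>: print the account named by the "user" directive.
nginx_user() {
    awk '$1 == "user" { u = $2; sub(/;.*/, "", u); print u; exit }' "$1"
}

# check_pool <nginx.conf> <pool.conf>: print findings, return their count.
check_pool() {
    ngx=$(nginx_user "$1")
    sock_owner=$(pool_value "$2" listen.owner)
    sock_group=$(pool_value "$2" listen.group)
    pool_user=$(pool_value "$2" user)
    count=0
    # Assumption: the nginx group has the same name as the nginx user.
    if [ "$sock_owner" != "$ngx" ] || [ "$sock_group" != "$ngx" ]; then
        echo "SOCKET: listen.owner/group is $sock_owner:$sock_group, nginx runs as $ngx"
        count=$((count + 1))
    fi
    # The pool should run as the site's own account, not the web server's.
    if [ "$pool_user" = "$ngx" ]; then
        echo "SHARED: pool user $pool_user is also the nginx worker account"
        count=$((count + 1))
    fi
    [ "$count" -eq 0 ] && echo "OK: nginx=$ngx socket=$sock_owner:$sock_group pool=$pool_user"
    return "$count"
}

# Example call with the paths used on this page:
# check_pool /etc/nginx/nginx.conf /etc/php/7.3/fpm/pool.d/website-name.conf
```
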
  2. You basically did the right thing already: created a separate Linux user and ran the PHP-FPM pool as that user. You then manage the website files over SFTP with the same user.

    If you follow through "NGINX and PHP-FPM. What my permissions should be?", there’s one extra step. That is, ensuring that your NGINX web user is a member of your PHP usergroup:

    usermod -a -G ftplatinopeeyush www-data
    

    What this achieves is that NGINX can read any files of your website which have the group permission set to readable. E.g. chmod 0750 on all directories and 0640 on all files will allow NGINX to read all your website files.

    Further, you will be able to easily control which files are sensitive and should not be served by NGINX by simply removing the read permission for group, e.g. by setting chmod 0600 on wp-config.php or a similar sensitive file.

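A read-only audit of the layout the second answer describes (directories 0750, files 0640, wp-config.php 0600), added here as an example and not part of the answer. `audit_docroot` and its finding labels are illustrative names; the pool user and group are passed in as arguments.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the group-based layout above.
# Expected: everything owned by the pool user and group, no permission bits
# for "other", no group write, and wp-config.php readable by the owner only.

# audit_docroot <docroot> <pool-user> <pool-group>
# Prints one finding per line; returns 0 only when there are no findings.
audit_docroot() {
    root=$1 owner=$2 group=$3
    findings=$(
        # Paths whose owner or group is not the pool account.
        find "$root" \( ! -user "$owner" -o ! -group "$group" \) -print |
            sed 's/^/OWNER /'
        # Any read, write or execute bit for "other" (symlinks excluded).
        find "$root" ! -type l \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/WORLD /'
        # Group write would let the nginx account modify site files.
        find "$root" ! -type l -perm -020 -print | sed 's/^/GROUP-WRITE /'
        # The sensitive file must not be readable through the group.
        find "$root" -name wp-config.php \( -perm -040 -o -perm -004 \) -print |
            sed 's/^/SENSITIVE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example call with the names used on this page:
# audit_docroot /home/ftplatinopeeyush/pathtowordpress ftplatinopeeyush ftplatinopeeyush
```

A tree set up with 644 for files and 755 for directories is reported under WORLD, because those modes grant read access to every local account rather than only to the nginx group member.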