Home>Article>Backend Development> Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

青灯夜游
青灯夜游 forward
2022-06-14 12:17:55 3801browse

This article will talk about the basic knowledge of PHP and give you an in-depth understanding of the user permissions of nginx, php-fpm and mysql. I hope it will be helpful to you!

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

Normally, the servers we run web applications on include Linux distributions such as CentOS, Ubuntu, Debian, etc. At this time, the permission control of applications such as Nginx, PHP and MySQL that are necessary to form the service architecture becomes very important.Each service has different permission requirements for the code directory. The lack of certain permissions will cause the service to be unable to read or write or Running errors reduce permission requirements and create the risk of intrusion and modification. Here we will summarize the permission division of services such as nginx, php-fpm and mysql.

1. Web server Nginx permissions

The running framework of PHP is usually combined with Nginx to form LNMP or combined with Apache to form LAMP architecture. Here, Nginx is used as an example to describe what is needed to run the Nginx service. permissions.
We know that Nginx itself cannot parse PHP syntax, soNginx will directly parse and return results for static files (such as HTML, etc.), but for PHP files, Nginx will transfer them to the PHP interpreter php-fpm Process it, and then return the response to the client browserafter processing.

Therefore, we need to unify the permissions required for Nginx and php services in ourcode directory.

① If the root user is used uniformly, general guest accounts will not be able to access the application. If nginx is configured to run as root, there will be great security risks. Once attacked, the root identity will be obtained. All operations of the system.

② If all code directory permissions are set to rwxrwxrwx, there is a hidden danger that users can modify the code directory directly through the browser.

So the best way is tounify them into a new user group and assign the necessary permissions to run Nginx and php to the user groupto achieve permissions for web applications. Directory management. Under normal circumstances, many teams will name this user group www,The www user will uniformly manage the code directory permissions.

We can see the Nginx configuration filenginix.confThe running permissions divided in it are configured under the www user, so the Nginx child process is also executed by the www user, which can be passedps aux | grep nginxto view:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

You can see that the main process of nginx is root, and the other sub-processes are all users of www

nginx.conf configuration:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

2. PHP permission configuration

Similarly, how PHP is run It is also run by the main process root, and is configured in the child process pool (pool) to be executed by the www user. The specific configuration is underetc\php-fpm.confin the php root directory. Just add two lines:

user = www group = www

. You can also useps aux | grep phpto view the user identity used by the process:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

3. Permission configuration of MySQL service

Throughps aux | grep mysql, you can see that the MySQL service is running under themysqluser. This serviceonly requires us to bring the mysql username and password when the php code connects to mysql. It does not need to be unified as www, because the data layer needs to be isolated from the business logic layer to ensure the security of the underlying data. The authorization of mysql is mainly to add new users and divide permissions in the mysql service, which is used to control different PHP businesses to connect with identities with different permission ranges to ensure data security.

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

4. Summary

nginx configuration:

user www www;

php-fpm:

user = www group = www

Directory:

drwxr-xr-x 就是755

Recommended study: "PHP Video Tutorial"

The above is the detailed content of Organize and summarize the permission division of nginx, php-fpm, mysql, etc.. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:csdn.net. If there is any infringement, please contact admin@php.cn delete