


This article will talk about the basic knowledge of PHP and give you an in-depth understanding of the user permissions of nginx, php-fpm and mysql. I hope it will be helpful to you!
Normally, the servers we run web applications on include Linux distributions such as CentOS, Ubuntu, Debian, etc. At this time, the permission control of applications such as Nginx, PHP and MySQL that are necessary to form the service architecture becomes very important. Each service has different permission requirements for the code directory. The lack of certain permissions will cause the service to be unable to read or write or Running errors reduce permission requirements and create the risk of intrusion and modification. Here we will summarize the permission division of services such as nginx, php-fpm and mysql.
1. Web server Nginx permissions
The running framework of PHP is usually combined with Nginx to form LNMP or combined with Apache to form LAMP architecture. Here, Nginx is used as an example to describe what is needed to run the Nginx service. permissions.
We know that Nginx itself cannot parse PHP syntax, so Nginx will directly parse and return results for static files (such as HTML, etc.), but for PHP files, Nginx will transfer them to the PHP interpreter php-fpm Process it, and then return the response to the client browser after processing.
Therefore, we need to unify the permissions required for Nginx and php services in our code directory.
① If the root user is used uniformly, general guest accounts will not be able to access the application. If nginx is configured to run as root, there will be great security risks. Once attacked, the root identity will be obtained. All operations of the system.
② If all code directory permissions are set to rwxrwxrwx, there is a hidden danger that users can modify the code directory directly through the browser.
So the best way is tounify them into a new user group and assign the necessary permissions to run Nginx and php to the user group to achieve permissions for web applications. Directory management. Under normal circumstances, many teams will name this user group www, The www user will uniformly manage the code directory permissions.
We can see the Nginx configuration file nginix.conf
The running permissions divided in it are configured under the www user, so the Nginx child process is also executed by the www user, which can be passedps aux | grep nginx
to view:
You can see that the main process of nginx is root, and the other sub-processes are all users of www
nginx.conf configuration:
2. PHP permission configuration
Similarly, how PHP is run It is also run by the main process root, and is configured in the child process pool (pool) to be executed by the www user. The specific configuration is under <span style="color: rgb(192, 0, 0);">etc\php-fpm.conf</span>
in the php root directory. Just add two lines:
user = www group = www
. You can also use ps aux | grep php
to view the user identity used by the process:
3. Permission configuration of MySQL service
Through ps aux | grep mysql
, you can see that the MySQL service is running under the mysql user. This service only requires us to bring the mysql username and password when the php code connects to mysql. It does not need to be unified as www, because the data layer needs to be isolated from the business logic layer to ensure the security of the underlying data. The authorization of mysql is mainly to add new users and divide permissions in the mysql service, which is used to control different PHP businesses to connect with identities with different permission ranges to ensure data security.
4. Summary
nginx configuration:
user www www;
php-fpm:
user = www group = www
Directory:
drwxr-xr-x 就是755
Recommended study: "PHP Video Tutorial"
The above is the detailed content of Organize and summarize the permission division of nginx, php-fpm, mysql, etc.. For more information, please follow other related articles on the PHP Chinese website!

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了关于架构原理的相关内容,MySQL Server架构自顶向下大致可以分网络连接层、服务层、存储引擎层和系统文件层,下面一起来看一下,希望对大家有帮助。

在mysql中,可以利用char()和REPLACE()函数来替换换行符;REPLACE()函数可以用新字符串替换列中的换行符,而换行符可使用“char(13)”来表示,语法为“replace(字段名,char(13),'新字符串') ”。

方法:1、利用right函数,语法为“update 表名 set 指定字段 = right(指定字段, length(指定字段)-1)...”;2、利用substring函数,语法为“select substring(指定字段,2)..”。

mysql的msi与zip版本的区别:1、zip包含的安装程序是一种主动安装,而msi包含的是被installer所用的安装文件以提交请求的方式安装;2、zip是一种数据压缩和文档存储的文件格式,msi是微软格式的安装包。

转换方法:1、利用cast函数,语法“select * from 表名 order by cast(字段名 as SIGNED)”;2、利用“select * from 表名 order by CONVERT(字段名,SIGNED)”语句。

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了关于MySQL复制技术的相关问题,包括了异步复制、半同步复制等等内容,下面一起来看一下,希望对大家有帮助。

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了mysql高级篇的一些问题,包括了索引是什么、索引底层实现等等问题,下面一起来看一下,希望对大家有帮助。

在mysql中,可以利用REGEXP运算符判断数据是否是数字类型,语法为“String REGEXP '[^0-9.]'”;该运算符是正则表达式的缩写,若数据字符中含有数字时,返回的结果是true,反之返回的结果是false。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 Linux new version
SublimeText3 Linux latest version

SublimeText3 Chinese version
Chinese version, very easy to use

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Mac version
God-level code editing software (SublimeText3)
