search
HomeBackend DevelopmentPHP TutorialOrganize and summarize the permission division of nginx, php-fpm, mysql, etc.

This article will talk about the basic knowledge of PHP and give you an in-depth understanding of the user permissions of nginx, php-fpm and mysql. I hope it will be helpful to you!

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

Normally, the servers we run web applications on include Linux distributions such as CentOS, Ubuntu, Debian, etc. At this time, the permission control of applications such as Nginx, PHP and MySQL that are necessary to form the service architecture becomes very important. Each service has different permission requirements for the code directory. The lack of certain permissions will cause the service to be unable to read or write or Running errors reduce permission requirements and create the risk of intrusion and modification. Here we will summarize the permission division of services such as nginx, php-fpm and mysql.

1. Web server Nginx permissions

The running framework of PHP is usually combined with Nginx to form LNMP or combined with Apache to form LAMP architecture. Here, Nginx is used as an example to describe what is needed to run the Nginx service. permissions.
We know that Nginx itself cannot parse PHP syntax, so Nginx will directly parse and return results for static files (such as HTML, etc.), but for PHP files, Nginx will transfer them to the PHP interpreter php-fpm Process it, and then return the response to the client browser after processing.

Therefore, we need to unify the permissions required for Nginx and php services in our code directory.

① If the root user is used uniformly, general guest accounts will not be able to access the application. If nginx is configured to run as root, there will be great security risks. Once attacked, the root identity will be obtained. All operations of the system.

② If all code directory permissions are set to rwxrwxrwx, there is a hidden danger that users can modify the code directory directly through the browser.

So the best way is tounify them into a new user group and assign the necessary permissions to run Nginx and php to the user group to achieve permissions for web applications. Directory management. Under normal circumstances, many teams will name this user group www, The www user will uniformly manage the code directory permissions.

We can see the Nginx configuration file nginix.confThe running permissions divided in it are configured under the www user, so the Nginx child process is also executed by the www user, which can be passedps aux | grep nginx to view:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

You can see that the main process of nginx is root, and the other sub-processes are all users of www

nginx.conf configuration:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

2. PHP permission configuration

Similarly, how PHP is run It is also run by the main process root, and is configured in the child process pool (pool) to be executed by the www user. The specific configuration is under <span style="color: rgb(192, 0, 0);">etc\php-fpm.conf</span> in the php root directory. Just add two lines:

user = www
group = www

. You can also use ps aux | grep php to view the user identity used by the process:

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

3. Permission configuration of MySQL service

Through ps aux | grep mysql, you can see that the MySQL service is running under the mysql user. This service only requires us to bring the mysql username and password when the php code connects to mysql. It does not need to be unified as www, because the data layer needs to be isolated from the business logic layer to ensure the security of the underlying data. The authorization of mysql is mainly to add new users and divide permissions in the mysql service, which is used to control different PHP businesses to connect with identities with different permission ranges to ensure data security.

Organize and summarize the permission division of nginx, php-fpm, mysql, etc.

4. Summary

nginx configuration:

user www www;

php-fpm:

user = www
group = www

Directory:

drwxr-xr-x 就是755

Recommended study: "PHP Video Tutorial"

The above is the detailed content of Organize and summarize the permission division of nginx, php-fpm, mysql, etc.. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:csdn. If there is any infringement, please contact admin@php.cn delete
图文详解mysql架构原理图文详解mysql架构原理May 17, 2022 pm 05:54 PM

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了关于架构原理的相关内容,MySQL Server架构自顶向下大致可以分网络连接层、服务层、存储引擎层和系统文件层,下面一起来看一下,希望对大家有帮助。

mysql怎么替换换行符mysql怎么替换换行符Apr 18, 2022 pm 03:14 PM

在mysql中,可以利用char()和REPLACE()函数来替换换行符;REPLACE()函数可以用新字符串替换列中的换行符,而换行符可使用“char(13)”来表示,语法为“replace(字段名,char(13),'新字符串') ”。

mysql怎么去掉第一个字符mysql怎么去掉第一个字符May 19, 2022 am 10:21 AM

方法:1、利用right函数,语法为“update 表名 set 指定字段 = right(指定字段, length(指定字段)-1)...”;2、利用substring函数,语法为“select substring(指定字段,2)..”。

mysql的msi与zip版本有什么区别mysql的msi与zip版本有什么区别May 16, 2022 pm 04:33 PM

mysql的msi与zip版本的区别:1、zip包含的安装程序是一种主动安装,而msi包含的是被installer所用的安装文件以提交请求的方式安装;2、zip是一种数据压缩和文档存储的文件格式,msi是微软格式的安装包。

mysql怎么将varchar转换为int类型mysql怎么将varchar转换为int类型May 12, 2022 pm 04:51 PM

转换方法:1、利用cast函数,语法“select * from 表名 order by cast(字段名 as SIGNED)”;2、利用“select * from 表名 order by CONVERT(字段名,SIGNED)”语句。

MySQL复制技术之异步复制和半同步复制MySQL复制技术之异步复制和半同步复制Apr 25, 2022 pm 07:21 PM

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了关于MySQL复制技术的相关问题,包括了异步复制、半同步复制等等内容,下面一起来看一下,希望对大家有帮助。

带你把MySQL索引吃透了带你把MySQL索引吃透了Apr 22, 2022 am 11:48 AM

本篇文章给大家带来了关于mysql的相关知识,其中主要介绍了mysql高级篇的一些问题,包括了索引是什么、索引底层实现等等问题,下面一起来看一下,希望对大家有帮助。

mysql怎么判断是否是数字类型mysql怎么判断是否是数字类型May 16, 2022 am 10:09 AM

在mysql中,可以利用REGEXP运算符判断数据是否是数字类型,语法为“String REGEXP '[^0-9.]'”;该运算符是正则表达式的缩写,若数据字符中含有数字时,返回的结果是true,反之返回的结果是false。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months agoBy尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

VSCode Windows 64-bit Download

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),