OK. I'm a little bit confused about permissions in Linux, so please help me out. The trouble is that I don't want to run the server as root, so I created another user with sudo privileges who runs the nginx and php-fpm servers (for example "sudo_user"). But the trouble is that, for example, I have "some_user", and he has a directory for his website, "some_user/www.some_user.com", with all the configuration files, including database passwords and so on. I set the ownership of all files to some_user:some_user (user:group), changed the permissions of all files to 751 (u=rwx,g=rx,o=x, so other accounts can't just go into this directory and read every config file), and set the public files' permissions to 755. But my php-fpm runs as "sudo_user" with the group "sudo_user", so he doesn't have permission to write or read config files in the "some_user" directory. What strategy should I take?

+1  A: 

It's probably better to create an nginx user and an nginx group, and have nginx/php run under that user. Then you can add the user nginx to your some_user/sudo_user's groups with your 751 permissions and you should be set.

digitala
My answer is Jail, but I'll try your solution. Jail is hard for me to configure.
Filip
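
The group-based approach from the answer, as an added example that is not part of the original thread: the service account joins the site owner's group, the group bits grant read access, and "other" gets nothing. The function names `lock_site`, `audit_site` and `demo`, the `/usr/sbin/nologin` path and the 750/640 modes (stricter than the 751 discussed above) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example. Root-only setup, shown as comments (account names from the thread):
#   groupadd nginx
#   useradd -r -g nginx -s /usr/sbin/nologin nginx   # unprivileged service account
#   usermod -aG some_user nginx                      # join the site owner's group
#   Restart nginx/php-fpm afterwards so the new group membership applies.

# lock_site DIR: owner keeps full access, group may read/traverse, "other" gets nothing.
lock_site() {
    local dir=$1
    find "$dir" -type d -exec chmod 750 {} +
    find "$dir" -type f -exec chmod 640 {} +
}

# audit_site DIR: print every path that breaks the model above.
audit_site() {
    local dir=$1
    # Any read, write or execute/traverse bit set for "other".
    find "$dir" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/other-access /'
    # Paths the group cannot read, or directories it cannot enter.
    find "$dir" \( ! -perm -040 -o \( -type d ! -perm -010 \) \) -print |
        sed 's/^/group-blocked /'
}

# demo: build a constructed site tree with the modes from the question,
# then show the audit before and after lock_site.
demo() {
    local site
    site=$(mktemp -d)/www.some_user.com
    mkdir -p "$site/public"
    echo 'db_password=CONSTRUCTED' > "$site/config.php"
    echo '<html></html>' > "$site/public/index.html"
    chmod 751 "$site" "$site/config.php"
    chmod 755 "$site/public" "$site/public/index.html"
    echo "before:"; audit_site "$site"
    lock_site "$site"
    echo "after:"; audit_site "$site"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Directories that php-fpm must write to (uploads, caches) additionally need the group write bit; `audit_site` does not check for that.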