[CentOS] php-fpm user other than webserver user?

Thu Dec 29 18:24:18 UTC 2016
Matthias Leopold <matthias at leopold.priv.at>

Hi,

I don't really know where to post this, I'll try here since I use both 
CentOS and RHEL...

I'd like to know how others handle the setup of Apache httpd and PHP-FPM 
when the PHP-FPM user is different from the webserver user. This is the 
case in the default configuration of IUS PHP-FPM packages (not in stock 
CentOS/RHEL). So I have httpd running as 'apache' and PHP running as 
'php-fpm'. I'm aware of special use cases where a configurable PHP user 
is a nice feature, but how do I handle filesystem setup for this default 
configuration in a pretty and secure way? Do people use it like that or 
do they change PHP-FPM user back to 'apache' (like in RH packages)? All 
of the setups I tried (e.g. using ACLs) don't really look "pretty" and 
"robust", something I'd like to have when using "default" 
configurations. I hope I'm not thinking too complicated...

Thanks for feedback
matthias