Vesta Control Panel - Forum

Community Forum
http://forum.vestacp.com/

apache process user/group is www-data and not user - bug or intended?

http://forum.vestacp.com/viewtopic.php?f=11&t=14565

Page 1 of 1

apache process user/group is www-data and not user - bug or intended?

Posted: Thu May 11, 2017 11:58 am
by bernhard
hi!

i'm very new to vestacp and so far i really like it. congratulation and bigh thanks for this project :)

sample setup:
os = ubuntu 16.04
user = test
domain = test.example.com

i have a test setup with some vhosts, using apache. the problem is, that when i use the default apache template, the process runs as www-data and not as my user "test". when i change the template to "phpfcgid" and visit test.example.com it runs as user "test".

is that behaviour intended? looking at the template I see some entries regarding user/group of the process:

Code: Select all

    <IfModule mod_ruid2.c>
        RMode config
        RUidGid %user% %group%
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID %user% %group%
    </IfModule>
shouldn't that cause my apache to run as "test"? or would i have to install mod_ruid2.c first?

i'm also quite new to linux, so please be patient with me :)
thanks for your help!

Re: apache process user/group is www-data and not user - bug or intendet?

Posted: Thu May 11, 2017 12:21 pm
by JuzaoftheClouds
I think that in default case, apache will run php as a module, so processes will be executed with webserver user/group. This is the simpler webserver configuration, but with various drawbacks, for example, webserver user/group ownership on files created by webserver, poor process isolation, shared session/temp folders, ecc.

Phpfcgid is a method for execute php scripts with better performances and with isolation, so every process will be launched with own user/group.

So, it isn't a bug... it isn't a VestaCP issue... it is a webserver configuration behaviour!

Re: apache process user/group is www-data and not user - bug or intended?

Posted: Thu May 11, 2017 1:41 pm
by bernhard
thanks for your answer!

hmm... i think that's not the case. sorry if i'm unclear, as i said i'm quite new to linux and so miss some important informations...

i think my apache is running with FPM. when i create folders from my app, the owner is my intended user "test". when i run exec('whoami') it is also "test". but in the process list of HTOP it is www-data...

is it possible that this is because of the nginx proxy? i think for my usecase this behaviour should be fine. i was just confused about the www-data in my htop list...

Re: apache process user/group is www-data and not user - bug or intended?

Posted: Thu May 11, 2017 2:14 pm
by JuzaoftheClouds
Your files have right ownership, so I'm pretty sure that php is run as user.

Imho you are seeying webserver processes, that always run as default webserver user.
Only php processes runs with proper user.

If you can paste an anonymized excerpt of a "ps auxf", we can see in detail!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/