What user is generally used to run php-fpm and nginx in a formal environment?
How to set the directory rights of the website to be safer?
小伙看你根骨奇佳,潜力无限,来学PHP伐。
Usually the www user is used to run the lnmp architecture
In order to prevent hackers from modifying the system program when a vulnerability occurs in the system, so:
网站上的 php 文件属主要是非 www 用户,给予644权限。 网站上的所有目录是755权限,属主也是非 www 用户。 网站如果有应用需要写文件的目录,比如上传目录,那么此目录和目录下的所有文件属主是 www 用户。
1.www user2.644, upload directory and runtime directory 744
nobody
I just checked and found that php-fpm is run by the http user like nginx...and the master process is all root, which is so unsafe...but it seems very troublesome to repair. I still have a bunch of nobody that I haven’t fixed yet...
Ubuntu is under www-data,lnmp装的是wwwIn short, you cannot use root to run. If you use root to run, php can operate the operating system-related files.
www-data
www
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Usually the www user is used to run the lnmp architecture
In order to prevent hackers from modifying the system program when a vulnerability occurs in the system, so:
1.www user
2.644, upload directory and runtime directory 744
nobody
I just checked and found that php-fpm is run by the http user like nginx...and the master process is all root, which is so unsafe...but it seems very troublesome to repair. I still have a bunch of nobody that I haven’t fixed yet...
Ubuntu is under
www-data,lnmp装的是wwwIn short, you cannot use root to run. If you use root to run, php can operate the operating system-related files.