From 333af922cadf41041d8addadcabf7d618342b424 Mon Sep 17 00:00:00 2001
From: Disassembler
Date: Sun, 10 Sep 2017 22:49:39 +0200
Subject: [PATCH] Create OS user for SeedDMS and make PHP use that user
---
 10-seeddms.sh | 10 +++++++---
 seeddms/etc/nginx/apps-available/seeddms | 2 +-
 seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf | 12 ++++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf
diff --git a/10-seeddms.sh b/10-seeddms.sh
index 5663f99..c136ed3 100644
--- a/10-seeddms.sh
+++ b/10-seeddms.sh
@@ -21,16 +21,20 @@ psql -f /srv/seeddms/www/install/create_tables-postgres.sql seeddms seeddms
 unset PGPASSWORD
 # Configure SeedDMS
-envsubst <${SOURCE_DIR}/seeddms/srv/seeddms/conf/settings.xml >/srv/seeddms/conf/settings.xml
+envsubst <${SOURCE_DIR}/seeddms/srv/seeddms/www/conf/settings.xml >/srv/seeddms/www/conf/settings.xml
 rm -rf /srv/seeddms/www/install/
-chown -R www-data:www-data /srv/seeddms/
+# Create OS user
+adduser --system --group --home /srv/seeddms --shell /bin/false seeddms
+chown -R seeddms:seeddms /srv/seeddms/
-# Create nginx app definition
+# Create PHP and nginx app definition
+cp ${SOURCE_DIR}/seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf /etc/php/7.0/fpm/pool.d/seeddms.conf
 cp ${SOURCE_DIR}/seeddms/etc/nginx/apps-available/seeddms /etc/nginx/apps-available/seeddms
 ln -s /etc/nginx/apps-available/seeddms /etc/nginx/apps-enabled/seeddms
 # Restart services
+systemctl restart php7.0-fpm
 systemctl restart nginx
 # TODO: Custom user
diff --git a/seeddms/etc/nginx/apps-available/seeddms b/seeddms/etc/nginx/apps-available/seeddms
index ec2a18b..d10022a 100644
--- a/seeddms/etc/nginx/apps-available/seeddms
+++ b/seeddms/etc/nginx/apps-available/seeddms
@@ -5,6 +5,6 @@ location /seeddms {
 location ~ \.php$ {
 include snippets/fastcgi-php.conf;
 fastcgi_param SCRIPT_FILENAME $request_filename;
- fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+ fastcgi_pass unix:/run/php/seeddms.sock;
 }
 }
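Review bot: In 10-seeddms.sh, `chown -R seeddms:seeddms /srv/seeddms/` makes the PHP pool user the owner of the whole tree, including the application code under /srv/seeddms/www, so a flaw in any PHP script could rewrite the code it runs. Consider leaving the code owned by root and giving the seeddms user only the directories SeedDMS has to write to. The same hunk moves settings.xml to /srv/seeddms/www/conf/, which looks like it sits inside the directory nginx serves. The file is filled in by envsubst and presumably holds the database credentials, so it would be worth adding `chmod 640 /srv/seeddms/www/conf/settings.xml` after the chown and making sure the nginx app definition denies requests for the conf directory; only part of that definition is visible in this patch.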
diff --git a/seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf b/seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf
new file mode 100644
index 0000000..121c0a3
--- /dev/null
+++ b/seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf
@@ -0,0 +1,12 @@
+[seeddms]
+user = seeddms
+group = seeddms
+
+listen = /run/php/seeddms.sock
+listen.owner = www-data
+listen.group = www-data
+
+pm = ondemand
+pm.max_children = 8
+
+php_admin_value[open_basedir] = /srv/seeddms:/tmp:/tmp:/usr/share/php
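Review bot: The `open_basedir` value on the last line lists `/tmp` twice, which is harmless but looks like a slip, and it keeps this pool on the system-wide /tmp that every other PHP pool and local user can also reach. Since the commit exists to isolate SeedDMS under its own account, a private temp directory would fit better: for example `php_admin_value[open_basedir] = /srv/seeddms:/usr/share/php` together with `php_admin_value[upload_tmp_dir]` and `php_admin_value[sys_temp_dir]` set to a directory below /srv/seeddms (a path such as /srv/seeddms/tmp is only an illustration). If the shared /tmp has to stay, the line should at least read `/srv/seeddms:/tmp:/usr/share/php`. A one-line comment above the pool stating that the socket is owned by www-data so that nginx can connect would also help the next reader.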