Create OS user for SeedDMS and make PHP use that user

10-seeddms.sh

@@ -21,16 +21,20 @@ psql -f /srv/seeddms/www/install/create_tables-postgres.sql seeddms seeddms
 unset PGPASSWORD
 
 # Configure SeedDMS
-envsubst <${SOURCE_DIR}/seeddms/srv/seeddms/conf/settings.xml >/srv/seeddms/conf/settings.xml
+envsubst <${SOURCE_DIR}/seeddms/srv/seeddms/www/conf/settings.xml >/srv/seeddms/www/conf/settings.xml
 rm -rf /srv/seeddms/www/install/
 
-chown -R www-data:www-data /srv/seeddms/
+# Create OS user
+adduser --system --group --home /srv/seeddms --shell /bin/false seeddms
+chown -R seeddms:seeddms /srv/seeddms/
 
-# Create nginx app definition
+# Create PHP and nginx app definition
+cp ${SOURCE_DIR}/seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf /etc/php/7.0/fpm/pool.d/seeddms.conf
 cp ${SOURCE_DIR}/seeddms/etc/nginx/apps-available/seeddms /etc/nginx/apps-available/seeddms
 ln -s /etc/nginx/apps-available/seeddms /etc/nginx/apps-enabled/seeddms
 
 # Restart services
+systemctl restart php7.0-fpm
 systemctl restart nginx
 
 # TODO: Custom user

seeddms/etc/nginx/apps-available/seeddms

@@ -5,6 +5,6 @@ location /seeddms {
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_param SCRIPT_FILENAME $request_filename;
-        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+        fastcgi_pass unix:/run/php/seeddms.sock;
     }
 }

seeddms/etc/php/7.0/fpm/pool.d/seeddms.conf

@@ -0,0 +1,12 @@
+[seeddms]
+user = seeddms
+group = seeddms
+
+listen = /run/php/seeddms.sock
+listen.owner = www-data
+listen.group = www-data
+
+pm = ondemand
+pm.max_children = 8
+
+php_admin_value[open_basedir] = /srv/seeddms:/tmp:/tmp:/usr/share/php