I have changed the user under the file /etc/php/7.3/fpm/pool.d/website-name.conf

user = ftplatinopeeyush
group = ftplatinopeeyush

Only those parameters were changed on that file. The following line I didn't touch it.

listen = /var/run/user-name.sock

Why Did I change this parameters?

I created a FTP user and changed the ownership of the webfiles to this user so I can upload files to the Server but then wordpress said that the files were not writable.

Now after changing the user on the pool.d/website-name.conf file i can upload files thru filezilla (with the FTP user) and also upload plugins via wordpress dashboard.

Everything seems to be working just fine but could this affect something else on my site or on the Nginx server?

How can I create a FTP user that allows me to upload files to my server without having file permission issues in the future?

CodePudding user response：

You basically did the right thing already: created a separate Linux user and run PHP-FPM pool with that user. You then manage the website files in SFTP with the same user.

If you follow through "NGINX and PHP-FPM. What my permissions should be?", there's one extra step. That is, ensuring that your NGINX web user is a member of your PHP usergroup:

usermod -a -G ftplatinopeeyush www-data

What this achieves, is that NGINX can read any files of your website, which have group permission set to readable. E.g. chmod 0750 on all directories and 0640 on all files will allow NGINX to read all your website files.

Further, you will be able to easily control which files are sensitive and should not be served by NGINX by simply removing the read permission for group, e.g. by setting chmod 0600 on wp-config.php or a similar sensitive file.

CodePudding user response：

Btw it looks like about user permission (not owned by fpm users), please take a look into the config files of nginx & php-fpm ( current example we used nginx) and the user is ftplatinopeeyush

CHECK

1. Check your files / wordpress user permissions, make sure your wordpress user are ubuntu (you can check with ls -l), and make sure your file placed on user home directory : /home/ftplatinopeeyush (or anywhere home directory and it was writable by the ftplatinopeeyush user)

2. go to /etc/nginx/nginx.conf check the parameter user, please make sure the user is www-data

example:

user www-data; # < this

worker_processes auto;
# ... next config

3. And then go to /etc/php/7.3/fpm/pool.d/website-name.conf and check the configurations about:

listen.owner = www-data
listen.group = www-data

4. (fpm) user & group (wordpress files owned user)

user=ftplatinopeeyush
group=ftplatinopeeyush

CASE

1. fpm : listen.owner & listen.group should match with nginx: user
2. fpm: user & group should be match with wordpress / root user.
3. Permission: wordpress file placed on directory that writable by user

RESOLVE

Before start, please make sure you have super admin privileges (root user)

1. Check your user home directory:

• command

cat /etc/passwd | grep ftplatinopeeyush

• output (where the /home/ftplatinopeeyush is home directory)

NameOfUser:x:1234:1234:NameOfUser:/home/ftplatinopeeyush:

2. Place your wordpress (document root) to your home directory. (eg: /home/ftplatinopeeyush/pathtowordpress)

3. Fix the owner

chown -R ftplatinopeeyush:ftplatinopeeyush /home/ftplatinopeeyush/pathtowordpress

4. Set the permission (644 to files and 755 to directory)

• set files permission

find /home/ftplatinopeeyush/pathtowordpress -type f -exec chmod 644 {} \;

• set directories permission

find /home/ftplatinopeeyush/pathtowordpress -type d -exec chmod 755 {} \;

5. Change your nginx user to www-data

nano /etc/nginx/nginx.conf

change variable user to www-data 6. Change configuration of /etc/php/7.3/fpm/pool.d/website-name.conf

nano /etc/php/7.3/fpm/pool.d/website-name.conf

make sure the variable user & group are ftplatinopeeyush and variable listen.owner & listen.group are www-data

or example configuration:

[[email protected]]

; Owner
listen.owner = www-data
listen.group = www-data
listen.backlog = 1500


; User & group
user = ftplatinopeeyush
group = ftplatinopeeyush

; Listener this will placed on /run/php/[email protected]
listen=/run/php/$pool.sock

; Process Manager
pm = ondemand
; set max children
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10

pm.process_idle_timeout = 10s


; FLAGS
;php_flag[display_errors] = off
;php_admin_value[memory_limit] = 128M

7. Open site virtual host setting

nano /path/to/virtualhost-of-wordpress.conf

• pointing root variable to /home/ftplatinopeeyush/pathtowordpress
• find fastcgi_pass (php location block)

location ~ \.php$ {
    # split path request
    fastcgi_split_path_info ^(. \.php)(/. )$;
    # include default configuration nginx fastcgi_params
    include fastcgi_params;
    # environment php file name
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_index index.php;

    # try below to handle all 404 not found with script
    try_files $fastcgi_script_name =404;

    # listen for cgi param port / load balancer upstream
    # port for cgi params has followed of fast cgi config
    fastcgi_pass unix:/run/php/[email protected];
    # handle error
    fastcgi_intercept_errors off;
    fastcgi_buffers 16 16k;
    fastcgi_buffer_size 32k;
}

8. Reload php & nginx service.

systemctl reload nginx.service

systemctl reload php7.3-fpm.service

9. done