# php-fpm file permission



## fred974 (Sep 10, 2018)

Hi,

I just finished a new WordPress installation inside a jail and I have a question regarding file permission.
/usr/local/etc/php-fpm.d/staging.conf

```
[mywebsite]
user =  $pool
group = www

listen = /var/run/$pool.sock

listen.owner = www
listen.group = www
listen.mode = 0660

pm = ondemand
pm.max_children = 20
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.process_idle_timeout = 60s;
pm.max_requests = 200
pm.status_path = /status
request_terminate_timeout = 0

env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /home/$pool/tmp
env[TMPDIR] = /home/$pool/tmp
env[TEMP] = /home/$pool/tmp

php_admin_value[open_basedir]       = /home/$pool/public_html:/home/$pool/tmp:/usr/local/share/pear:/usr/local/lib/php
php_admin_value[disable_functions]  = "exec,passthru,shell_exec,system,proc_open,popen,show_source"
php_admin_flag[allow_url_fopen]     = On
;security.limit_extensions          = .php .shtml
php_admin_value[date.timezone]      = Europe/London

php_flag[display_errors]            = off
php_admin_flag[log_errors]          = on
php_admin_value[error_reporting]    = 30711
php_admin_value[error_log]          = /home/$pool/public_html/logs/php_error.$pool.log
php_admin_value[memory_limit]       = 128M
php_value[upload_max_filesize]      = 8M
php_value[max_execution_time]       = 60
php_admin_value[upload_tmp_dir]     = /home/$pool/tmp
php_admin_value[session.save_path]  = /home/$pool/tmp

chdir = /
```
 When I upload a WordPress image, I see the following:

```
-rw-r-----  1 equstaging  www         134567 Sep 10 15:12 md1200-1000x750.jpg
-rw-r-----  1 mywebsite  www           7339 Sep 10 15:12 md1200-150x150.jpg
-rw-r-----  1 mywebsite  www          17566 Sep 10 15:12 md1200-300x225.jpg
-rw-r-----  1 mywebsite  www          85171 Sep 10 15:12 md1200-768x576.jpg
-rw-r-----  1mywebsite  mywebsite  318507 Sep 10 15:12 md1200.jpg
```

Question: why does the original file 'md1200.jpg' is not showing the www group?

Thank you


----------



## leebrown66 (Sep 10, 2018)

This is just a guess, based on an existing install I have.  Ownership of the containing directory?


----------



## fred974 (Sep 10, 2018)

```
drwxr-xr-x  7 mywebsite  mywebsite        27 Sep  5 22:48 public_html/
drwxr-xr-x  3 mywebsite  mywebsite      1055 Sep 10 16:38 tmp/
```


----------



## leebrown66 (Sep 10, 2018)

I am certainly no authority on this, but I'd say that's where it's getting username and group from when creating the initial file.
Try changing the directory group to www and upload something else, see if it that has the desired effect.


----------



## SirDice (Sep 10, 2018)

I suspect the website is running on suPHP, everything would be running on (and saved as) www:www normally. So I would check the primary group of the mywebsite user account. And/or your suPHP configuration.


----------



## fred974 (Sep 10, 2018)

SirDice if everyting run as www:www how the user mywebsite  do to update the file?
mywebsite  will have no permision to do so?


----------



## SirDice (Sep 10, 2018)

And that's exactly what suPHP does: https://www.suphp.org/Home.html


> suPHP is a tool for executing PHP scripts with the permissions of their owners.


It was commonly used on DirectAdmin (and similar tools) to separate the different websites and owners. So one website owner couldn't 'hijack' another owner's website. 

But I see that suPHP has been integrated, more or less, into php-fpm.


----------



## fred974 (Sep 10, 2018)

I don't think iuse suPHP .. but yes, I separate the different websites and owners  via php-fpm config file.
This allows me to create the user home directory for each user.
So what is the issue in my setup?


----------



## SirDice (Sep 10, 2018)

Have a look at `id mywebsite`, and compare it with the working ones. It might have the wrong primary group or is not a member of the www group at all.


----------



## fred974 (Sep 10, 2018)

I got it figured out..
in my /usr/local/etc/php-fpm.d/staging.conf  I have the following:

```
...
env[TMP] = /home/$pool/tmp
env[TMPDIR] = /home/$pool/tmp
env[TEMP] = /home/$pool/tmp
...
```
When I do `chgrp www /tmp` then all the files are uploaded as mywebsite:www
I am not quite sure why this is the fix tough


----------

