From 0d0ad580450040b1941f8015c47bcf6a45d57458 Mon Sep 17 00:00:00 2001 From: Lou Knauer Date: Fri, 16 Jul 2021 09:01:46 +0200 Subject: [PATCH] Run php-fpm as user www --- data/init.sh | 4 ++++ php-fpm/Dockerfile | 3 +++ php-fpm/symfony.pool.conf | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/data/init.sh b/data/init.sh index c75713d..b888549 100755 --- a/data/init.sh +++ b/data/init.sh @@ -7,6 +7,10 @@ rm ./job-archive.tar.xz if [ $# -gt 0 ]; then if [ $1 == "dev" ]; then + # 101 is the uid and gid of the user and group www in the cc-php container running php-fpm. + # For a demo with no new jobs it is enough to give www read permissions on that directory. + sudo chown -R 101:101 ./job-archive + mkdir -p influxdb/data wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais0ephuf2aitohv1ai/influxdbv2-data.tar.xz cd influxdb/data diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile index ec08fbe..84d9e6c 100644 --- a/php-fpm/Dockerfile +++ b/php-fpm/Dockerfile @@ -77,6 +77,9 @@ COPY symfony.pool.conf /etc/php8/php-fpm.d/ COPY entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh +RUN addgroup -S www +RUN adduser -S -D -H -g "php-fpm user" -G www -s /sbin/nologin www + ARG APP_ENVIRONMENT ENV APP_ENV=${APP_ENVIRONMENT} ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629 diff --git a/php-fpm/symfony.pool.conf b/php-fpm/symfony.pool.conf index 96f20f3..db05c00 100644 --- a/php-fpm/symfony.pool.conf +++ b/php-fpm/symfony.pool.conf @@ -6,8 +6,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = nobody -group = nobody +user = www +group = www ; The address on which to accept FastCGI requests. ; Valid syntaxes are: