Scenario / Questions

I have a PHP script that creates a directory and outputs an image to the directory. This was working just fine under Apache but we recently decided to switch to NGINX to make more use of our limited RAM. I’m using the PHP mkdir() command to create the directory:

mkdir(dirname($path['image']['server']), 0755, true);

After the switch to NGINX, I’m getting the following warning:

Warning: mkdir(): Permission denied in ...

I’ve already checked all the permissions of the parent directories, so I’ve determined that I probably need to change the NGINX or PHP-FPM ‘user’ but I’m not sure how to do that (I never had to specify user permissions for APACHE). I can’t seem to find much information on this. Any help would be great!

(Note: Besides this little hang-up, the switch to NGINX has been pretty seamless; I’m using it for the first time and it literally only took about 10 minutes to get up and running with NGINX. Now I’m just ironing out the kinks.)

Find below all possible solutions or suggestions for the above questions..

Suggestion: 1

Run nginx & php-fpm as www:www

1. Nginx

Edit nginx.conf and set user to www www;

If the master process is run as root, then nginx will
setuid()/setgid() to USER/GROUP. If GROUP is not specified, then nginx
uses the same name as USER. By default it’s nobody user and nobody or
nogroup group or the –user=USER and –group=GROUP from the
./configure script.

2. PHP-FPM

Edit php-fpm.conf and set user and group to www.

user – Unix user of processes. Default “www-data”

group – Unix group of processes. Default “www-data”

Suggestion: 2

In Ubuntu 14.04 the file to change user and group in PHP-FPM is: /etc/php5/fpm/pool.d/www.conf. In this file change these parameters:

user = www
group = www
listen.owner = www
listen.group = www

Suggestion: 3

To answer your actual question is to just change the user line in nginx.conf like so:

user    [username];

Example:

user    www-data;

The preferred user for Nginx to run as actually differs between operating systems. Sometimes Nginx is supposed to run as www-data. Other times it is actually supposed to run as nobody.

On some operating systems (such as Windows), it doesn’t even matter, and the user line in nginx.conf can be commented out or entirely excluded.

Suggestion: 4

The following solution worked changing the web user with me using Ubuntu 18.04 LTS, nginx 1.14 and php7.2-fpm.

1. Nginx

Edit /etc/nginx/nginx.conf and set the user to webuser;

user webuser;

2. PHP-FPM

Edit /etc/php/7.2/fpm/pool.d/www.conf.

user = webuser
group = webuser
...
listen.owner = webuser
listen.group = webuser