@danfoote104227
From a security standpoint, each user should always have their own account.
What you’re talking about is changing the user that PHP-FPM runs as, and yes, you can and should do that. You’ll want to look in:
/etc/php/7.1/fpm/pool.d/
By default, there’s only a single file in that directory and that’s www.conf, which uses www-data as the default user. To set up a PHP-FPM instance for each user, you’d simply copy that file to a new one and change the configuration within it.
For example, let’s say we have user1, user2, user3. In the above directory, create:
user1.conf
user2.conf
user3.conf
by simply copying the existing www.conf to a new file. The command below creates the 3 new files we need for this example.
cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user1.conf \
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user2.conf \
&& cp /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/user3.conf
Now, you’d simply create directories for each user and then a new user account for each:
sudo mkdir -p /home/{user1,user2,user3} \
&& sudo useradd -d /home/user1 user1 \
&& sudo useradd -d /home/user2 user2 \
&& sudo useradd -d /home/user3 user3
Now we need to edit our newly created PHP-FPM configuration files and change a few specific values before we restart PHP-FPM. The lines you want to look at changing are:
[www]
user = www-data
group = www-data
and
listen = 127.0.0.1:9000
In the first, change [www] to the username (i.e. [user1]…). You’ll then set the user and group to the same username. Finally, increase the port # by one (i.e. 9000 becomes 9001, 9002, etc.).
The reason we need to increase the port is because we can’t have two users listening in on the same port. Yes, it’s really that simple :-).
Now, once all 3 configuration files have been modified, restart PHP-FPM.
sudo service php7.1-fpm restart
Now, the biggest change is going to be how I set up NGINX in the guide I provided you with. If you look in this file:
/etc/nginx/config/php/php-fpm.conf
You’ll see where I defined the port that PHP-FPM connects on for that account. You’ll need to copy this file into each server block instead of including it and then change the port. So what you’d end up with is a server block that looks like the below for each account instead of the slimmer one in that guide.
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    root /home/yourdomain/htdocs/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 512k;
        fastcgi_buffers 512 16k;
        fastcgi_busy_buffers_size 1m;
        fastcgi_temp_file_write_size 4m;
        fastcgi_max_temp_file_size 4m;
        fastcgi_intercept_errors off;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param DOCUMENT_URI $document_uri;
        fastcgi_param DOCUMENT_ROOT $document_root;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param REQUEST_SCHEME $scheme;
        fastcgi_param HTTPS $https if_not_empty;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param GATEWAY_INTERFACE CGI/1.1;
        fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param REMOTE_PORT $remote_port;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param REDIRECT_STATUS 200;
    }
}
The only line in the PHP block that you need to change is fastcgi_pass 127.0.0.1:9000;. All you’re doing here is making sure the ports match up.
Once you have your 3 server blocks and 3 PHP-FPM configuration files, you’re set:
nginx -s reload
NOTE: You could simply copy that file to another 2 files to make 3 and just modify the include line. This would probably be better down the line to reduce clutter, but for show, I’ve simply pasted the contents into the server block.
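As an added example (not part of the original answer): the script below applies the pool edits described above (section name, user, group, listen port) to a template and then checks that no two pools share a name, user or listen address. The function names make_pool, audit_pools and demo are hypothetical, and it runs in a scratch directory against a constructed stand-in for www.conf rather than touching /etc/php/7.1/fpm/pool.d/.

```shell
#!/bin/sh
# Added example: derive per-user pools from a www.conf-style template and audit them.
# Runs in a scratch directory on a constructed template; nothing under /etc is touched.

# make_pool TEMPLATE USER PORT OUTDIR: apply the edits from the post to a copy.
make_pool() {
    sed -e "s/^\[www]\$/[$2]/" \
        -e "s/^user = .*/user = $2/" \
        -e "s/^group = .*/group = $2/" \
        -e "s/^listen = .*/listen = 127.0.0.1:$3/" \
        "$1" > "$4/$2.conf"
}

# audit_pools DIR: report and return 1 if any pool name, user or
# listen address appears in more than one *.conf file.
audit_pools() {
    status=0
    for key in '^\[' '^user = ' '^listen = '; do
        dups=$(cat "$1"/*.conf | grep "$key" | sort | uniq -d)
        if [ -n "$dups" ]; then
            echo "duplicate across pools: $dups"
            status=1
        fi
    done
    return $status
}

# demo: build user1..user3 on ports 9001..9003 and audit the result.
demo() {
    work=$(mktemp -d)
    # Constructed stand-in for the stock www.conf (only the lines the post edits).
    printf '%s\n' '[www]' 'user = www-data' 'group = www-data' \
        'listen = 127.0.0.1:9000' 'pm = dynamic' > "$work/www.conf"
    port=9001
    for u in user1 user2 user3; do
        make_pool "$work/www.conf" "$u" "$port" "$work"
        port=$((port + 1))
    done
    audit_pools "$work"
}

demo && echo "pools are distinct in $work"
```

Running audit_pools against the real pool.d directory before restarting PHP-FPM catches a copied file whose port or user was never changed.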