arno/privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

privilege separation, ensuring nginx may access it's own tmp folder and only read /var/www

Browse Source
This commit is contained in:
El RIDO 2018-06-19 13:16:07 +02:00
parent 14ea837229
commit f18e51f132
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/nginx/nginx.conf
View File

@ -1,5 +1,5 @@
# Run as a unique, less privileged user for security reasons. # Run as a unique, less privileged user for security reasons.
user www-data www-data; user nginx www-data;
# Sets the worker threads to the number of CPU cores available in the system for best performance. # Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores. # Should be > the number of CPU cores.

2
usr/local/etc/php-fpm.d/50-socket.conf
View File

@ -1,5 +1,5 @@
[www] [www]
listen = /run/php-fpm.sock listen = /run/php-fpm.sock
listen.owner = www-data listen.owner = nginx
listen.group = www-data listen.group = www-data
listen.mode = 0660 listen.mode = 0660