Edit report at https://bugs.php.net/bug.php?id=65100&edit=1
ID: 65100
User updated by: admin at mvpro dot net
Reported by: admin at mvpro dot net
Summary: Reject root run
-Status: Assigned
+Status: Closed
Type: Bug
Package: FPM related
Operating System: Linux Debian Wheezy
PHP Version: 5.5.0
Assigned To: fat
Block user comment: N
Private report: N
New Comment:
Umm, ok with -R it's OK.
It's not the best way to modify /etc/init.d fpm files manually, so ideally i
think
you should allow root by default. You should change type of root message to
warning. I am sure you need to inform users about the issue with root, but it
should not make php5-fpm fail to start.
Previous Comments:
------------------------------------------------------------------------
[2013-06-24 16:29:40] dlsni...@php.net
Hi,
I've forgot to mention that if you run: php-fpm help
it will show you something like this:
Usage: php-fpm [-n] [-e] [-h] [-i] [-m] [-v] [-t] [-p <prefix>] [-g <pid>] [-c
<file>] [-d foo[=bar]] [-y <file>] [-D] [-F]
[...........]
-R, --allow-to-run-as-root
Allow pool to run as root (disabled by default)
Have you tried that?
Thanks :)
------------------------------------------------------------------------
[2013-06-24 16:21:06] admin at mvpro dot net
dlsniper, i have nothing against such policy, however it would be interesting
to
know what issues can it do. I have many scripts which can not get access to php
files because of bad chmod. I can set it automatically but it's rather bad to
do
it via cron every minute, because it will affect perfomance. Also it will not
'at the moment', maybe user have to wait for a minute after a file update. It's
not really awesome.
I think it's a bug because in PHP 5.5 there are invent:
"; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool process will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
process.priority = -19"
This new feature is useless, when root user cause fail to load php-fpm. If root
issue is permanent, then why is proccess.priority was implemented?
------------------------------------------------------------------------
[2013-06-24 16:13:20] dlsni...@php.net
Hi,
I'm using Ubuntu 13.04 and I've compiled PHP 5.5 with FPM from sources.
I do indeed get something like this:
[24-Jun-2013 18:09:32] ERROR: [pool default] please specify user and group
other than root
[24-Jun-2013 18:09:32] ERROR: FPM initialization failed
but I don't think it is a bad thing.
Running PHP with root as user would be considered a major security issue so
maybe it's not really a bug.
Can you provide a real use case where you'd want to allow a script executed via
FPM to have root privileges as I can't think of a good one right now?
Thanks.
------------------------------------------------------------------------
[2013-06-23 03:36:07] admin at mvpro dot net
Description:
------------
Php5-fpm rejected to run with user 'root' and group 'root', it fails to load.
While proccess priority was implemented, i assume, running PHP-fpm with user
'root' should be allowed.
Test script:
---------------
Put in /etc/php5/fpm/pool.d/www.conf
user = root
Expected result:
----------------
Success run.
Actual result:
--------------
Fail to run.
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=65100&edit=1
