Welcome! Log In Create A New Profile

Advanced

Fastcgi_cache permissions

Posted by maznislav 
maznislav
Fastcgi_cache permissions
March 09, 2017 03:10PM
Hello, I was searching for an answer for this question quite a bit, but
unfortunately I was not able to find such, so any help is much appreciated.
The issue is the following - I have enabled Fastcgi_cache for my server and
I have noticed that the cache has very restricted permissions 700 to be
precise. I need to be able to change those permissions, but unfortunately I
am not able to do so. I do not see any configuration variable that is
responsible for this, neither the nginx process uses the umask value set for
generating the permissions for those files. If someone has an idea how can I
make nginx to use custom permissions for the cache that would great.

Thanks a lot.

Regards.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272853,272853#msg-272853

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Ozerov
RE: Fastcgi_cache permissions
March 09, 2017 04:00PM
And what is the purpose of changing permissions?

In other words - nginx.conf - user www-data; So for example, Directories Access: (0700/drwx) with Uid: (33/www-data) And no one forbids you to access the cache from this user for manipulating files (allow other process (for example php-fpm runs as www-data) to delete Nginx cache files).



-----Original Message-----
From: nginx [mailto:[email protected]] On Behalf Of maznislav
Sent: Thursday, March 9, 2017 5:06 PM
To: nginx@nginx.org
Subject: Fastcgi_cache permissions

Hello, I was searching for an answer for this question quite a bit, but unfortunately I was not able to find such, so any help is much appreciated.
The issue is the following - I have enabled Fastcgi_cache for my server and I have noticed that the cache has very restricted permissions 700 to be precise. I need to be able to change those permissions, but unfortunately I am not able to do so. I do not see any configuration variable that is responsible for this, neither the nginx process uses the umask value set for generating the permissions for those files. If someone has an idea how can I make nginx to use custom permissions for the cache that would great.

Thanks a lot.

Regards.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272853,272853#msg-272853

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
maznislav
Re: RE: Fastcgi_cache permissions
March 09, 2017 05:00PM
Hi Maxim,

thanks for the reply. The use case that I have is when php-fpm is running as
a user different than the nginx one. In this case the permissions being set
as 0700 basically deny any manipulation of the cached files from php
scripts. Everytime you try something like this you get permission denied.

A similar scenario and possible solution which unfortunately doesn't work is
described in this thread.

https://github.com/rtCamp/nginx-helper/issues/63

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272853,272856#msg-272856

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reinis Rozitis
RE: RE: Fastcgi_cache permissions
March 09, 2017 06:30PM
> thanks for the reply. The use case that I have is when php-fpm is running as a
> user different than the nginx one. In this case the permissions being set as 0700
> basically deny any manipulation of the cached files from php scripts. Everytime
> you try something like this you get permission denied.

Why would you manipulate nginx cache files from php directly (or even if you do so why not run the nginx and phpfpm under same user then)?

If you want to purge the request (only valid reason which comes to my mind) you should configure fastcgi_cache_purge ( http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_purge ). The drawback is that's only for the commercial version.

As an alternative you could use a third party module http://labs.frickle.com/nginx_ngx_cache_purge/
I'm not 100% sure about the compability with the newest nginx releases but you can contact the author about that (he is also in this list).

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Ozerov
RE: RE: Fastcgi_cache permissions
March 09, 2017 06:40PM
> Why would you manipulate nginx cache files from php directly (or even if you do so why not run the nginx and phpfpm under same user then)?

Yeah... For example: with php-fpm you can run each site with its own uid/gid (pool configuration), and with address on which to accept FastCGI requests
So, create a new pool file with the right user:group ... and send the specific purge request.

-----Original Message-----
From: nginx [mailto:[email protected]] On Behalf Of Reinis Rozitis
Sent: Thursday, March 9, 2017 8:24 PM
To: nginx@nginx.org
Subject: RE: RE: Fastcgi_cache permissions

> thanks for the reply. The use case that I have is when php-fpm is
> running as a user different than the nginx one. In this case the
> permissions being set as 0700 basically deny any manipulation of the
> cached files from php scripts. Everytime you try something like this you get permission denied.

Why would you manipulate nginx cache files from php directly (or even if you do so why not run the nginx and phpfpm under same user then)?

If you want to purge the request (only valid reason which comes to my mind) you should configure fastcgi_cache_purge ( http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_cache_purge ). The drawback is that's only for the commercial version.

As an alternative you could use a third party module http://labs.frickle.com/nginx_ngx_cache_purge/
I'm not 100% sure about the compability with the newest nginx releases but you can contact the author about that (he is also in this list).

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login