Permissions for using "Accelerated upload support"?

189 views
Skip to first unread message

JamesAB

unread,
Mar 24, 2010, 1:29:20 AM3/24/10
to highloa...@googlegroups.com
I've got nginx running under the user "nginx" and php-fpm configured to run as "nobody".

I'm trying to test out php-fpm's "Accelerated upload support" as outlined here:
http://php-fpm.org/wiki/Features#Accelerated_upload_support

Here's the location block I'm using:


location ~ \.php$ {
# start PHP-fpm upload optimiztaion
client_body_temp_path /dev/shm/client_body_temp;
fastcgi_pass_request_body off;
client_body_in_file_only on;
fastcgi_param REQUEST_BODY_FILE $request_body_file;
# end PHP-fpm upload optimiztaion

fastcgi_pass unix:/dev/shm/php.sock;
include fastcgi_params;
break;
}


The problem is that nginx is writing to the client_body_temp_path with such strict permissions and php-fpm running as "nobody" cannot read the client body file.

For example, nginx writes the client body file:

# ls -la /dev/shm/client_body_temp
total 4
drwx------ 2 nginx root 60 Mar 24 01:19 .
drwxr-xr-x 3 root root 80 Mar 24 01:04 ..
-rw------- 1 nginx nginx 319 Mar 24 01:19 0000000001


But PHP cannot read the file because of failed permissions.

2010/03/24 01:19:52 25348#0: *3 a client request body is buffered to a temporary file /dev/shm/client_body_temp/0000000001, client: 67.142.130.26, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
2010/03/24 01:19:52 25348#0: *3 FastCGI sent in stderr: "PHP Warning: REQUEST_BODY_FILE: open('/dev/shm/client_body_temp/0000000001') failed: Permission denied (13) in Unknown on line 0" while reading response header from upstream, client: xx.xxx.xxx.xx, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php.sock:", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"


Is there a way to make this work, other than running nginx as the user "nobody"?

Thanks for your help,
James

Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,67197#msg-67197

Gordon Pettey

unread,
Mar 24, 2010, 1:31:56 AM3/24/10
to highloa...@googlegroups.com
Why are you running php-fpm as "nobody"? You might as well just be
using PHP's built-in FastCGI support.

> To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
>

Jérôme Loyet

unread,
Mar 24, 2010, 2:08:04 AM3/24/10
to highloa...@googlegroups.com
2010/3/24 JamesAB <nginx...@nginx.us>:

> I've got nginx running under the user "nginx" and php-fpm configured to run as "nobody".
>
> I'm trying to test out php-fpm's "Accelerated upload support" as outlined here:
> http://php-fpm.org/wiki/Features#Accelerated_upload_support
>
> Here's the location block I'm using:
>
>
>        location ~ \.php$ {
>                # start PHP-fpm upload optimiztaion
>                client_body_temp_path /dev/shm/client_body_temp;
>                fastcgi_pass_request_body off;
>                client_body_in_file_only on;
>                fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
>                # end PHP-fpm upload optimiztaion
>
>                fastcgi_pass   unix:/dev/shm/php.sock;
>                include        fastcgi_params;
>                break;
>        }
>
>
> The problem is that nginx is writing to the client_body_temp_path with such strict permissions and php-fpm running as "nobody" cannot read the client body file.

Hi,
You should ask to nginx mailing list. For sure someone there will have
an answer.

++ Jerome


>
> For example, nginx writes the client body file:
>
> # ls -la /dev/shm/client_body_temp
> total 4
> drwx------ 2 nginx root   60 Mar 24 01:19 .
> drwxr-xr-x 3 root  root   80 Mar 24 01:04 ..
> -rw------- 1 nginx nginx 319 Mar 24 01:19 0000000001
>
>
> But PHP cannot read the file because of failed permissions.
>
> 2010/03/24 01:19:52  25348#0: *3 a client request body is buffered to a temporary file /dev/shm/client_body_temp/0000000001, client: 67.142.130.26, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
> 2010/03/24 01:19:52  25348#0: *3 FastCGI sent in stderr: "PHP Warning:  REQUEST_BODY_FILE: open('/dev/shm/client_body_temp/0000000001') failed: Permission denied (13) in Unknown on line 0" while reading response header from upstream, client: xx.xxx.xxx.xx, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php.sock:", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
>
>
> Is there a way to make this work, other than running nginx as the user "nobody"?
>
> Thanks for your help,
> James
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,67197#msg-67197
>

JamesAB

unread,
Mar 24, 2010, 2:44:12 AM3/24/10
to highloa...@googlegroups.com
Gordon,

So you are suggesting setting the Unix user/group of processes to "nginx" in the php-fpm configuration file?

It seems the only other option because nginx will always set the permissions to files in the client_body_temp_path to it's own user/group.

Thanks,
James

Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,67205#msg-67205

Alexey A. Rybak

unread,
Mar 24, 2010, 3:20:02 AM3/24/10
to highloa...@googlegroups.com
On Wed, Mar 24, 2010 at 9:44 AM, JamesAB <nginx...@nginx.us> wrote:
> Gordon,
>
> So you are suggesting setting the Unix user/group of processes to "nginx" in the php-fpm configuration file?
>
> It seems the only other option because nginx will always set the  permissions to files in the client_body_temp_path to it's own user/group.

Btw, different users with equal group won't help here - you have 600
rights for the body file (group can't read). You probably should play
with umask in your nginx starting script - or use one and the same
user, not group.


--

wbr,
fisher

Gordon Pettey

unread,
Mar 24, 2010, 8:56:49 AM3/24/10
to highloa...@googlegroups.com
2010/3/24 Jérôme Loyet <m...@fatbsd.com>:

>
> Hi,
> You should ask to nginx mailing list. For sure someone there will have
> an answer.
>
> ++ Jerome

This /is/ the nginx mailing list.

copycat

unread,
Oct 28, 2010, 4:51:32 AM10/28/10
to highloa...@googlegroups.com
I too have faced a similar problem. It is insulting that in the
documentation nginx some important singularities are badly documented. I
for example didn't know that for operation php in a mode fastcgi the
acceleration of files is necessary
(client_body_temp_path/var/www/virtual/arriva/tmp/tmpfs/nginx;
fastcgi_pass_request_body off;
client_body_in_file_only clean;
fastcgi_param REQUEST_BODY_FILE $request_body_file;
), and without this acceleration files 200-300 kilobyte there is more
didn't transit handling. After switching-on of that acceleration about
which I have learned on a site of developers php-fpm, there was other
problem that appears nginx all temporal files accepted writes in access
0600 but since for me php-fpm pools work from different users, and nginx
works from the user apache, accordingly php-fpm the socket couldn't read
the loaded file. I have changed the source code nginx
(nginx-0.8.53/src/os/unix/ngx_file.c: *access = 0600;) on (*access =
0660;))
Further has recompiled nginx, and has installed the rights to a
directory
(client_body_temp_path/var/www/virtual/arriva/tmp/tmpfs/nginx;) equal to
the user from which works nginx - in this case apache and group from
which works php-fpm pool - in this case arriva.
drwxr-xr-x 2 apache arriva 140 Oct 27 17:33 tmpfs
And all began to work perfectly. I think that given clarification will
help much who uses the similar circuit.

Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,145259#msg-145259

Reply all
Reply to author
Forward
0 new messages