I'm in the process of moving each of my websites that are on a single server from a single PHP instance (whereby all of the files in all websites were owned by apache, and just the default php library was installed without php-fpm) ... and I'm installing a php-fpm pool for each individual website.
Better security and separation of the websites is my goal, the biggest goal being that the PHP scripts in 1 website won't be able to access PHP scripts from another website.
I'm apparently doing something wrong.
My environment:
- CentOS 7
- PHP 5.4.16
- Apache 2.4.6
Here's an example php-fpm pool config file:
```
[root@host]# cat /etc/php-fpm.d/website1.com.conf
[website1.com]
user = user1
group = user1
listen = /var/run/php-fpm/website1.com.sock
listen.owner = user1
listen.group = user1
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = on
php_admin_value[short_open_tag] = On
pm = ondemand
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /home/www/website1.com/
```

And here is its corresponding vhost file in Apache:

```
[root@host]# cat /etc/httpd/conf.d/website1.com.conf
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName website1.com
    ServerAlias www.website1.com
    DocumentRoot /home/www/website1.com/www
    <Directory "/home/www/website1.com/www">
        Options Includes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /home/www/website1.com/logs/errors
    CustomLog /home/www/website1.com/logs/access_log common
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:///var/run/php-fpm/website1.com.sock|fcgi://website1.com/"
    </FilesMatch>
</VirtualHost>
```

All files and folders are owned solely by user1 (the group is also set to user1).
I have a PHP script inside of "website2" that is still able to access "website1" content. The settings in the php-fpm pool config file for "website2" and the settings in "website2" Apache vhost config file are identical to website 1 (with the exception of different folder paths, home directory, chroot, etc...).
This is my test script, located in /home/www/website2/www/ and accessible via the website2.com domain name:
```php
<?php
$test = file_get_contents('/home/www/website1.com/www/wp-config.php');
echo $test;
#$files = scandir('/home/www');
#print_r($files);
?>
```

The output of this script is somewhat unexpected, however. I don't see the full contents of wp-config.php. Instead, what I see is everything beyond a certain point in the file (if you're familiar with wp-config.php, I see everything after the define('SECURE_AUTH_KEY','foo') entry).
Why can this test script, which is running under "user2", access and echo out some of the contents of wp-config.php found in the "user1" directory? I thought that the chdir = /home/www/website1.com/ directive would prevent this sort of thing.
php-fpm daemon using strace to debug why chroot() is not effective.
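A defensive audit for the setup described in the question, added here as an example and not part of the original post: in php-fpm, `chdir` only sets a pool's working directory, while `chroot` and `open_basedir` are the directives that restrict which paths a pool can open, and ordinary file mode bits decide whether another pool's user can read a file. The function names and the sample pool text are constructed for illustration, and the permission check assumes classic mode bits only (no ACLs or SELinux).

```python
import os

# Constructed sample modelled on the pool file in the question (not a real host).
SAMPLE = """\
[website2.com]
user = user2
group = user2
listen = /var/run/php-fpm/website2.com.sock
chdir = /home/www/website2.com/
"""

def parse_pools(text):
    """Parse php-fpm pool syntax into {pool_name: {directive: value}}."""
    pools, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            cur = pools.setdefault(line[1:-1], {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return pools

def unconfined(pools):
    """Pools with neither chroot nor open_basedir; chdir alone confines nothing."""
    return sorted(name for name, d in pools.items()
                  if not d.get("chroot") and not d.get("php_admin_value[open_basedir]"))

def _bit(st, uid, gids, want):
    """Classic Unix mode check: owner bits, else group bits, else other bits."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & want)

def readable_by(path, uid, gids, stop="/"):
    """True if uid/gids may read path per mode bits (assumption: no ACLs/SELinux).
    Needs search (x) on each directory from `stop` down and read (r) on the file."""
    path, stop = os.path.realpath(path), os.path.realpath(stop)
    if not _bit(os.stat(path), uid, gids, 4):
        return False
    d = os.path.dirname(path)
    while True:
        if not _bit(os.stat(d), uid, gids, 1):
            return False
        if d == stop or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)
```

Run `unconfined()` over the text of every file in /etc/php-fpm.d, and `readable_by()` with one pool's uid and group ids against another site's sensitive files; a `True` result means the mode bits on the file or its parent directories need tightening.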