diff --git a/NEWS b/NEWS index 9bcd5193645..4145102b338 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,8 @@ PHP NEWS - FPM: . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) + . Fixed bug #67244 (Wrong owner:group for listening unix socket). + (Jakub Zelenka) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). diff --git a/sapi/fpm/www.conf.in b/sapi/fpm/www.conf.in index d13b60067fb..64da6bce1f0 100644 --- a/sapi/fpm/www.conf.in +++ b/sapi/fpm/www.conf.in @@ -17,9 +17,14 @@ ; Default Value: none ;prefix = /path/to/pools/$pool -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. +; Unix user/group of the child processes. This can be used only if the master +; process running user is root. It is set after the child process is created. +; The user and group can be specified either by their name or by their numeric +; IDs. +; Note: If the user is root, the executable needs to be started with + --allow-to-run-as-root option to work. +; Default Values: The user is set to master process running user by default. +; If the group is not set, the user's group is used. user = @php_fpm_user@ group = @php_fpm_group@ @@ -43,11 +48,12 @@ listen = 127.0.0.1:9000 ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. The owner ; and group can be specified either by name or by their numeric IDs. -; Default Values: user and group are set as the running user -; mode is set to 0660 +; Default Values: Owner is set to the master process running user. If the group +; is not set, the owner's group is used. Mode is set to 0660. ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ ;listen.mode = 0660 + ; When POSIX Access Control Lists are supported you can set them using ; these options, value is a comma separated list of user/group names. ; When set, listen.owner and listen.group are ignored