I've got nginx running under the user "nginx" and php-fpm configured to run as "nobody".

I'm trying to test out php-fpm's "Accelerated upload support" as outlined here:
http://php-fpm.org/wiki/Features#Accelerated_upload_support

Here's the location block I'm using:

[code]
location ~ \.php$ {
# start PHP-fpm upload optimiztaion
client_body_temp_path /dev/shm/client_body_temp;
fastcgi_pass_request_body off;
client_body_in_file_only on;
fastcgi_param REQUEST_BODY_FILE $request_body_file;
# end PHP-fpm upload optimiztaion

fastcgi_pass unix:/dev/shm/php.sock;
include fastcgi_params;
break;
}
[/code]

The problem is that nginx is writing to the [b]client_body_temp_path[/b] with such strict permissions and php-fpm running as "nobody" cannot read the client body file.

For example, nginx writes the client body file:
[code]
# ls -la /dev/shm/client_body_temp
total 4
drwx------ 2 nginx root 60 Mar 24 01:19 .
drwxr-xr-x 3 root root 80 Mar 24 01:04 ..
-rw------- 1 nginx nginx 319 Mar 24 01:19 0000000001
[/code]

But PHP cannot read the file because of failed permissions.
[code]
2010/03/24 01:19:52 [notice] 25348#0: *3 a client request body is buffered to a temporary file /dev/shm/client_body_temp/0000000001, client: 67.142.130.26, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
2010/03/24 01:19:52 [error] 25348#0: *3 FastCGI sent in stderr: "PHP Warning: REQUEST_BODY_FILE: open('/dev/shm/client_body_temp/0000000001') failed: Permission denied (13) in Unknown on line 0" while reading response header from upstream, client: xx.xxx.xxx.xx, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php.sock:", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
[/code]

Is there a way to make this work, other than running nginx as the user "nobody"?

Thanks for your help,
James

Why are you running php-fpm as "nobody"? You might as well just be
using PHP's built-in FastCGI support.

On Wed, Mar 24, 2010 at 5:29 AM, JamesAB <nginx-forum@nginx.us> wrote:
> I've got nginx running under the user "nginx" and php-fpm configured to run as "nobody".
>
> I'm trying to test out php-fpm's "Accelerated upload support" as outlined here:
> http://php-fpm.org/wiki/Features#Accelerated_upload_support
>
> Here's the location block I'm using:
>
>
>        location ~ \.php$ {
>                # start PHP-fpm upload optimiztaion
>                client_body_temp_path /dev/shm/client_body_temp;
>                fastcgi_pass_request_body off;
>                client_body_in_file_only on;
>                fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
>                # end PHP-fpm upload optimiztaion
>
>                fastcgi_pass   unix:/dev/shm/php.sock;
>                include        fastcgi_params;
>                break;
>        }
>
>
> The problem is that nginx is writing to the client_body_temp_path with such strict permissions and php-fpm running as "nobody" cannot read the client body file.
>
> For example, nginx writes the client body file:
>
> # ls -la /dev/shm/client_body_temp
> total 4
> drwx------ 2 nginx root   60 Mar 24 01:19 .
> drwxr-xr-x 3 root  root   80 Mar 24 01:04 ..
> -rw------- 1 nginx nginx 319 Mar 24 01:19 0000000001
>
>
> But PHP cannot read the file because of failed permissions.
>
> 2010/03/24 01:19:52  25348#0: *3 a client request body is buffered to a temporary file /dev/shm/client_body_temp/0000000001, client: 67.142.130.26, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1..1", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
> 2010/03/24 01:19:52  25348#0: *3 FastCGI sent in stderr: "PHP Warning:  REQUEST_BODY_FILE: open('/dev/shm/client_body_temp/0000000001') failed: Permission denied (13) in Unknown on line 0" while reading response header from upstream, client: xx.xxx.xxx.xx, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php.sock:", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
>
>
> Is there a way to make this work, other than running nginx as the user "nobody"?
>
> Thanks for your help,
> James
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,67197#msg-67197
>
> To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
>

To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

2010/3/24 JamesAB <nginx-forum@nginx.us>:
> I've got nginx running under the user "nginx" and php-fpm configured to run as "nobody".
>
> I'm trying to test out php-fpm's "Accelerated upload support" as outlined here:
> http://php-fpm.org/wiki/Features#Accelerated_upload_support
>
> Here's the location block I'm using:
>
>
>        location ~ \.php$ {
>                # start PHP-fpm upload optimiztaion
>                client_body_temp_path /dev/shm/client_body_temp;
>                fastcgi_pass_request_body off;
>                client_body_in_file_only on;
>                fastcgi_param  REQUEST_BODY_FILE  $request_body_file;
>                # end PHP-fpm upload optimiztaion
>
>                fastcgi_pass   unix:/dev/shm/php.sock;
>                include        fastcgi_params;
>                break;
>        }
>
>
> The problem is that nginx is writing to the client_body_temp_path with such strict permissions and php-fpm running as "nobody" cannot read the client body file.

Hi,
You should ask to nginx mailing list. For sure someone there will have
an answer.

++ Jerome


>
> For example, nginx writes the client body file:
>
> # ls -la /dev/shm/client_body_temp
> total 4
> drwx------ 2 nginx root   60 Mar 24 01:19 .
> drwxr-xr-x 3 root  root   80 Mar 24 01:04 ..
> -rw------- 1 nginx nginx 319 Mar 24 01:19 0000000001
>
>
> But PHP cannot read the file because of failed permissions.
>
> 2010/03/24 01:19:52  25348#0: *3 a client request body is buffered to a temporary file /dev/shm/client_body_temp/0000000001, client: 67.142.130.26, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1..1", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
> 2010/03/24 01:19:52  25348#0: *3 FastCGI sent in stderr: "PHP Warning:  REQUEST_BODY_FILE: open('/dev/shm/client_body_temp/0000000001') failed: Permission denied (13) in Unknown on line 0" while reading response header from upstream, client: xx.xxx.xxx.xx, server: testforum.mysite.com, request: "POST /login.php?do=login HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php.sock:", host: "testforum.mysite.com", referrer: "http://testforum.mysite.com/admincp/index.php"
>
>
> Is there a way to make this work, other than running nginx as the user "nobody"?
>
> Thanks for your help,
> James
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?3,67197,67197#msg-67197
>
> To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
>

To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

Gordon,

So you are suggesting setting the Unix user/group of processes to "nginx" in the php-fpm configuration file?

It seems the only other option because nginx will always set the permissions to files in the [b]client_body_temp_path[/b] to it's own user/group.

Thanks,
James

On Wed, Mar 24, 2010 at 9:44 AM, JamesAB <nginx-forum@nginx.us> wrote:
> Gordon,
>
> So you are suggesting setting the Unix user/group of processes to "nginx" in the php-fpm configuration file?
>
> It seems the only other option because nginx will always set the  permissions to files in the client_body_temp_path to it's own user/group.

Btw, different users with equal group won't help here - you have 600
rights for the body file (group can't read). You probably should play
with umask in your nginx starting script - or use one and the same
user, not group.


--

wbr,
fisher

To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

2010/3/24 Jérôme Loyet <ml@fatbsd.com>:
>
> Hi,
> You should ask to nginx mailing list. For sure someone there will have
> an answer.
>
> ++ Jerome

This /is/ the nginx mailing list.

To unsubscribe from this group, send email to highload-php-en+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.

I too have faced a similar problem. It is insulting that in the documentation nginx some important singularities are badly documented. I for example didn't know that for operation php in a mode fastcgi the acceleration of files is necessary
(client_body_temp_path/var/www/virtual/arriva/tmp/tmpfs/nginx;
fastcgi_pass_request_body off;
client_body_in_file_only clean;
fastcgi_param REQUEST_BODY_FILE $request_body_file;
), and without this acceleration files 200-300 kilobyte there is more didn't transit handling. After switching-on of that acceleration about which I have learned on a site of developers php-fpm, there was other problem that appears nginx all temporal files accepted writes in access 0600 but since for me php-fpm pools work from different users, and nginx works from the user apache, accordingly php-fpm the socket couldn't read the loaded file. I have changed the source code nginx
(nginx-0.8.53/src/os/unix/ngx_file.c: *access = 0600;) on (*access = 0660;))
Further has recompiled nginx, and has installed the rights to a directory (client_body_temp_path/var/www/virtual/arriva/tmp/tmpfs/nginx;) equal to the user from which works nginx - in this case apache and group from which works php-fpm pool - in this case arriva.
drwxr-xr-x 2 apache arriva 140 Oct 27 17:33 tmpfs
And all began to work perfectly. I think that given clarification will help much who uses the similar circuit.