Hi,
I know it would be kind of useful. You have 100 different customers on
a single server and you want a single instance of FPM handles each of
them independantly (chroot, uid, gid). You want FPM to create
something like 20 process wich will be all shared between users. But
the way FPM is made, it's impossible to make.
For each process, FPM lanches N processes. Each process will handle
several requests (thousands). when a process is created, it's uid, gid
and chroot is changed DEFINITIVELY. It's not possible to changed it
after for security reasons. So if you have 100 differents customers,
you will have at least 100 differents process each of them handling
only one customer.
In apache, there is suexec which is used to secure CGI (and not
fastcgi). Because in CGI, a process handles only one request. So it's
not a problem to setuid/chroot each time as the process will die after
the request.
I think the best way to handle this is to create a worker pool of each
customer, use the dynamic process management and set the min spare to
the minimum (1).
++ Jerome
2010/1/5 Dennis Jacobfeuerborn <djacobfeuerborn@gmail.com>:
> Hi,
> I looked at the discussion at
> http://groups.google.com/group/highload-php-en/browse_thread/thread/c5d13b16f418f861
> and I'm wondering if this is still considered to be added to php-fpm.
> Since I'd could really use a feature like this I'd probably take a
> shot at implementing it if this is welcome.
> The model I'm looking at would look like this:
>
> - There is a user "peter" with uid 500 and gid 500
> - His htdocs directory is located at /home/peter/htdocs. The directory
> has the uid
> and gid of the user.
> - There is a regular expression in the php-fpm config file that
> defines the location
> of these htdocs directories. In this case "/home/[a-z]+/htdocs"
>
> - User "peter" makes a request with the path "/subdir/index.php"
> - The resulting path to the script is "/home/peter/htdocs/subdir/
> index.php"
> - The regular expression matches the url and the resulting match is "/
> home/peter/htdocs"
> - php-fpm stat()'s this directory to determine uid and gid it is
> supposed to run as and uses
> this directory to chroot() to.
>
> Some possible (optional?) improvements:
> - After stat()'ing the directory php-fpm could also stat the script
> itself and check whether
> the uid and gid of both match and refuse to honor the request if
> they don't. This would
> deal with the case where another user manages to copy a script into
> "peter"s htdocs directory.
> - The chroot() regular expression could optionally be defined
> separately from the
> directory uid/gid regular expression.
>
> The general idea is to have a pool of "anonymous" worker processes
> that then get their identity for each request with the process
> outlined above. Maybe these processe can be cached so that a process
> that has acquired a uid/gid/chroot can be kept around for X seconds
> and if another request with a matching url comes in during that time
> the process can be reused. This could even be hooked into the adaptive-
> process-spawning mechanism to manage this sort of process-caching.
>
> Any opinions on this?
>