To help with permissions, we can do a setup similar to Forge, where user "forge" runs our application and deploys it.
This has the following steps:
- Set code file ownership as the user you select
- Set PHP-FPM to run as that user
- Allow user "forge" to reload PHP-FPM
First we'll create a user "forge" (I chose forge, but you can create any username you want).
# Create user + password
sudo adduser forge
# Move the code into the forge user's home directory and give forge ownership
sudo mv /var/www/myapp /home/forge/myapp
sudo chown -R forge: /home/forge/myapp
Next, edit /etc/php/7.1/fpm/pool.d/www.conf and set the user/group that PHP-FPM runs as:
user = forge
group = forge
Then restart PHP when that change is saved:
sudo service php7.1-fpm restart
If we automate deployments, it's likely we'll want to reload PHP-FPM when we're done. This requires sudo, but I don't really want to allow user forge to run any command, and since we're automating it, we don't have the opportunity to enter the user's password.
We can create a sudoers config file to allow this, however:
sudo visudo -f /etc/sudoers.d/php-fpm
Add the following content:
forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload
This allows user forge, when logged in from any host, to run the service php7.1-fpm reload command using sudo, without requiring a password. Because the rule names the full path and the exact arguments, sudo refuses any other invocation (a different subcommand such as restart, a relative path, or extra arguments), which is what keeps the grant narrow. Using visudo -f also syntax-checks the file before saving it, so a typo can't lock you out of sudo.
sudo su forge
sudo apt-get update              # requires password
sudo service php7.1-fpm reload   # works without a password!
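As an added check (not part of the original guide), here is a small audit that parses a sudoers fragment and confirms the deploy user is allowed nothing beyond the single PHP-FPM reload command; the sample rules are constructed to stand in for /etc/sudoers.d/php-fpm, and the function and variable names are my own.

```shell
#!/bin/sh
# Added example: audit sudoers rules for the deploy user so that only the exact
# PHP-FPM reload command (absolute path plus arguments) is permitted.

# audit_sudoers_rules USER ALLOWED_CMDS SUDOERS_TEXT
# Returns 0 when every rule for USER grants only commands in the comma-separated
# ALLOWED_CMDS list; returns 1 when a rule is missing, broader (e.g. ALL),
# uses a relative path, or names a different subcommand.
audit_sudoers_rules() {
    printf '%s\n' "$3" | awk -v user="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, ok, ","); for (i = 1; i <= n; i++) okset[ok[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        $1 != user { next }                         # rules for other users are out of scope
        {
            seen = 1
            spec = $0
            sub(/^[^=]*=/, "", spec)                # drop "user HOST="
            sub(/^[ \t]*([(][^)]*[)])?[ \t]*([A-Z]+:[ \t]*)*/, "", spec)  # drop (RUNAS) and TAG: prefixes
            m = split(spec, cmds, ",")              # a rule may list several commands
            for (i = 1; i <= m; i++) {
                c = cmds[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                if (!(c in okset)) {                # ALL, relative paths, other subcommands all land here
                    printf "bad rule for %s: %s\n", user, c
                    bad = 1
                }
            }
        }
        END { if (!seen) { print "no rule for " user; exit 1 } exit bad ? 1 : 0 }
    '
}

# Constructed sample fragments (what visudo -f /etc/sudoers.d/php-fpm would save)
ALLOWED='/usr/sbin/service php7.1-fpm reload'
GOOD_RULE='forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload'
BROAD_RULE='forge ALL=(ALL) NOPASSWD: ALL'
RELATIVE_RULE='forge ALL=NOPASSWD: service php7.1-fpm reload'

if audit_sudoers_rules forge "$ALLOWED" "$GOOD_RULE"; then echo "php-fpm reload rule: OK"; fi
if ! audit_sudoers_rules forge "$ALLOWED" "$BROAD_RULE"; then echo "broad rule: REJECTED"; fi
```

On a live box the same check can be run against the real file with audit_sudoers_rules forge "$ALLOWED" "$(sudo cat /etc/sudoers.d/php-fpm)".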