[FIXED] How much damage is changing the user on fpm/pool.d/website-name.conf NGINX

Issue

I have changed the user under the file /etc/php/7.3/fpm/pool.d/website-name.conf

user = ftplatinopeeyush
group = ftplatinopeeyush

Only those parameters were changed on that file. The following line I didn't touch it.

listen = /var/run/user-name.sock

Why Did I change this parameters?

I created a FTP user and changed the ownership of the webfiles to this user so I can upload files to the Server but then wordpress said that the files were not writable.

Now after changing the user on the pool.d/website-name.conf file i can upload files thru filezilla (with the FTP user) and also upload plugins via wordpress dashboard.

Everything seems to be working just fine but could this affect something else on my site or on the Nginx server?

How can I create a FTP user that allows me to upload files to my server without having file permission issues in the future?

Solution

You basically did the right thing already: created a separate Linux user and run PHP-FPM pool with that user. You then manage the website files in SFTP with the same user.

If you follow through "NGINX and PHP-FPM. What my permissions should be?", there's one extra step. That is, ensuring that your NGINX web user is a member of your PHP usergroup:

usermod -a -G ftplatinopeeyush www-data

What this achieves, is that NGINX can read any files of your website, which have group permission set to readable. E.g. chmod 0750 on all directories and 0640 on all files will allow NGINX to read all your website files.

Further, you will be able to easily control which files are sensitive and should not be served by NGINX by simply removing the read permission for group, e.g. by setting chmod 0600 on wp-config.php or a similar sensitive file.

Answered By - Danila Vershinin