php7-fpm error: unable to get gid of defined groups, feature not allowed but feature is defined for socket listening
Using a socket, due to the lack of ACL as reported in #12737 (closed), I defined permitted groups using listen.owner and listen.group, but in combination with the owner and group directives in the php-fpm.conf file, so I have already configured lighttpd and www-data as user and group respectively (in any case the www-data group is already defined if we install any webserver package such as the lighttpd one).
But it fails to start due to problems in group access for services, because it seems there's a problem in the su command? (in the logs it seems to try to change to root, but that is not defined)
I tried other combinations and got strange results, but never got a working php-fpm with the desired defined owner of the socket! Is it a security risk?! Feature not allowed but feature is defined for socket listening. THIS IS A BIG ISSUE!
How to reproduce:
sed -i -r 's|^pid =.*|pid = /run/php-fpm7/php7-fpm.pid|g' /etc/php*/php-fpm.conf
sed -i -r 's#^user =.*#user = root#g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's#^group =.*#group = www-data#g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen =.*|listen = /run/php-fpm7/php7-fpm.sock|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.acl_users =.*|;listen.acl_users = daemon,lighttpd|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.acl_groups =.*|;listen.acl_groups = lighttpd,www-data|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.owner = .*|listen.owner = lighttpd|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.group = .*|listen.group = wwww-data|g' /etc/php*/php-fpm.d/www.conf
sed -i -r 's|^.*listen.mode =.*|listen.mode = 0660|g' /etc/php*/php-fpm.d/www.conf
service php-fpm7 restart
NOTE: I put a ";" at the start of the ACL-related lines! Checking the logs I got these:
tail -n 4 /var/log/php7/error.log
[09-Jun-2021 15:22:05] NOTICE: configuration file /etc/php7/php-fpm.conf test is successful
[09-Jun-2021 15:22:05] ERROR: [pool www] cannot get gid for group 'wwww-data': Operation not permitted (1)
[09-Jun-2021 15:22:05] ERROR: FPM initialization failed
Also in the general daemon service:
tail -n 6 /var/log/messages.log
Jun 9 15:33:51 monitor user.debug : Will stop /usr/sbin/php-fpm7
Jun 9 15:33:51 monitor user.debug : Will stop PID 6108
Jun 9 15:33:51 monitor daemon.err /etc/init.d/php-fpm7[6235]: start-stop-daemon: no matching processes found
Jun 9 15:33:58 monitor auth.notice su: + pts/1 root:root
Jun 9 15:34:04 monitor daemon.err /etc/init.d/php-fpm7[6310]: status: crashed
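
Added example (not part of the original report or of the php-fpm package): a pre-restart check that resolves the user, group, listen.owner and listen.group values of a pool file against the local account files, which reports the same group name the error log above rejects. The function names, the constructed sample files and the assumption that accounts are local (no NSS, no numeric IDs) are illustrative.

```shell
#!/bin/sh
# Added example, not from the original report: check that the accounts named
# in a php-fpm pool file exist before restarting the service.
# Assumption: accounts are local (passwd/group files), not numeric IDs or NSS.

# name_exists NAME DBFILE: succeed if NAME is the first field of a DBFILE line.
name_exists() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# check_pool CONF PASSWD GROUP: print "key=value" for each unresolved account
# and return 1 if there was at least one.
check_pool() {
    conf=$1; passwd=$2; group=$3; rc=0
    while IFS= read -r line; do
        # Only active directives; a leading ';' or '#' marks a comment.
        case $line in \;*|\#*|'') continue ;; esac
        key=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*\([a-z._]*\)[[:space:]]*=.*/\1/p')
        val=$(printf '%s\n' "$line" |
            sed -n 's/^[^=]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p')
        case $key in
            user|listen.owner)  db=$passwd ;;
            group|listen.group) db=$group ;;
            *) continue ;;
        esac
        if ! name_exists "$val" "$db"; then
            printf '%s=%s\n' "$key" "$val"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# demo: run the check on constructed files that mirror the settings above.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '[www]' 'user = root' 'group = www-data' \
        ';listen.acl_groups = lighttpd,www-data' \
        'listen.owner = lighttpd' 'listen.group = wwww-data' > "$d/www.conf"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'lighttpd:x:100:101::/var/www:/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'lighttpd:x:101:' 'www-data:x:82:' > "$d/group"
    check_pool "$d/www.conf" "$d/passwd" "$d/group"; st=$?
    rm -rf "$d"
    return "$st"
}
```

On a real host the call would be check_pool /etc/php7/php-fpm.d/www.conf /etc/passwd /etc/group, run before service php-fpm7 restart; every line it prints is a directive whose account name does not resolve.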