0

I followed the following tutorial to isolate my two websites.
https://www.vultr.com/docs/use-php-fpm-pools-to-secure-multiple-web-sites/

Here is what I did:

  1. Created two users and then assigned them permissions.

    $ sudo useradd site1  
    $ sudo useradd site2  
    $ usermod -a -G site1 www-data  
    $ usermod -a -G site2 www-data  
    
  2. Assigned directory permissions

    $ sudo mkdir /var/www/site1  
    $ sudo chown -R site1:site1 /var/www/site1  
    $ sudo mkdir /var/www/site2  
    $ sudo chown -R site2:site2 /var/www/site2  
    $ sudo chmod 770 /var/www/site2  
    
  3. Created two fpm pools

    $ sudo cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/fpm-site1.conf  
    $ sudo cp /etc/php/7.4/fpm/pool.d/www.conf /etc/php/7.4/fpm/pool.d/fpm-site2.conf 
    
  4. Then configured those pools

    • Changed the top line inside the brackets that sets the pool name from [www] to [site1].
    • Changed the line user = www-data to user = site1.
    • Changed the line group = www-data to group = site1.
    • Changed the line listen = /var/run/php/php7.4-fpm.sock to listen = /var/run/php/php7.4-site1-fpm.sock

    Did the same for second pool.

  5. Configured nginx and defined those pools in each site

    location ~ \.php$ {  
        fastcgi_pass unix:/var/run/php/php7.4-fpm-site1.sock;  
        include snippets/fastcgi-php.conf;  
    }
    

    Did the same for site2 and then restarted php-fpm and nginx.

Now coming to the problem. All PHP pages of the first site are owned by site1:site1, while those of the second site are owned by site2:site2, except one page of the second site which is owned by site1:site1. I was expecting that when I try to access that page of the second site in a browser I would get some error (because it is not owned by site2:site2), but I didn't receive any error and the page opened normally. Do you think it is working correctly and my understanding of how it should work is incorrect? Or should that page in the second site not have opened in the browser?

Giacomo1968
  • 58,727

1 Answer

0

You've only changed permissions on the /var/www/site2 directory itself, but not on the files inside – they are presumably still world-readable (with 0644 permissions). If the file is readable by 'other', then ownership doesn't really matter as the site2 user account still has permissions to read the file.

grawity
  • 501,077
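The following script is an added example, not code from the question, the answer or the linked tutorial. It makes the answer's point checkable: it builds a constructed temp tree that mimics /var/www/site2 after step 2 of the question (chmod 770 on the directory only, files left at the default 0644), lists every file that "other" can read, which is exactly what lets a site1-owned page open from the site2 pool, and then tightens the tree to 750/640 so that only the owning pool user and the site group (www-data, as in the question) keep access. The paths, file contents and function names are the example's own assumptions; it only uses POSIX find, chmod and mktemp.

```shell
#!/bin/sh
# Added example (not from the question or answer): audit a docroot for files
# readable by "other". PHP-FPM running as site2 opens such a file regardless
# of who owns it, because the kernel checks mode bits, not "is owner == pool user".
set -eu

# Print regular files under $1 whose mode grants read to "other" (o+r, octal 004).
list_world_readable() {
    find "$1" -type f -perm -004
}

# Number of such files, printed on stdout.
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# Tighten a docroot: directories 750, files 640. With the pool user as owner
# and www-data in the site's group (as set up in the question), PHP-FPM and
# nginx keep access while every other pool's user loses it.
tighten_docroot() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Constructed demo tree standing in for /var/www/site2 after step 2 of the
# question: the directory is 770, but the files inside are still 0644.
DEMO_ROOT=$(mktemp -d)
trap 'rm -rf "$DEMO_ROOT"' EXIT
mkdir -p "$DEMO_ROOT/site2/inc"
printf '<?php echo "site2";\n' > "$DEMO_ROOT/site2/index.php"
printf '<?php echo "stray page";\n' > "$DEMO_ROOT/site2/inc/stray.php"
chmod 770 "$DEMO_ROOT/site2"
chmod 644 "$DEMO_ROOT/site2/index.php" "$DEMO_ROOT/site2/inc/stray.php"

echo "world-readable files before tightening: $(count_world_readable "$DEMO_ROOT/site2")"
list_world_readable "$DEMO_ROOT/site2"
tighten_docroot "$DEMO_ROOT/site2"
echo "world-readable files after tightening:  $(count_world_readable "$DEMO_ROOT/site2")"
```

Run it against a real docroot by calling `list_world_readable /var/www/site2` before deciding to tighten anything. The 770 on the directory does stop a process running as site1 from traversing into /var/www/site2, but it says nothing about the site2 pool, which owns the directory and can open any file inside that still carries the o+r bit. Dropping "other" permissions on the files themselves, not just the directory, is what makes ownership matter for the read check.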