Nginx

What should the correct permissions for a unix socket be?

  • April 13, 2022

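I have set up nginx to connect to php5-fpm through a unix socket instead of tcp. I have read that this has less overhead and therefore improves performance. Now I would like to know what the correct permissions for the socket should be in order to avoid security problems?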

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nginx ;(or the user that the Nginx is running as)
listen.group = nginx ;(or the group that the Nginx is running as)
listen.mode = 0660

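For UNIX sockets, the execute permission does not matter; what matters are the read and write permissions. So 0660 restricts the socket to the owner user/group, or 0666 allows anyone to connect to it.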

Source: https://serverfault.com/questions/437077
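
An added example, not part of the original question or answer: a Python check that reports whether a socket's mode bits let users outside the owner and group connect, run against two sockets constructed in a temporary directory with modes 0660 and 0666. The function names, the `expected_uid` parameter and the socket paths are assumptions made for the illustration.

```python
import os
import socket
import stat
import tempfile


def audit_socket(path, expected_uid=None):
    """Return a list of findings for the unix socket at `path` (empty list = OK)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a unix socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Execute bits are irrelevant on a socket; only read/write bits matter.
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"{path}: mode {mode:04o} lets any local user connect")
    # expected_uid (hypothetical parameter): uid the web server runs as.
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    return findings


def make_socket(path, mode):
    """Bind a listening unix socket and set its mode, as listen.mode would."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    srv.listen(1)
    return srv


def demo():
    """Audit two constructed sockets: one with mode 0660, one with mode 0666."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode in (0o660, 0o666):
            path = os.path.join(tmp, f"fpm-{mode:o}.sock")  # constructed path
            srv = make_socket(path, mode)
            results[mode] = audit_socket(path, expected_uid=os.getuid())
            srv.close()
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(f"{mode:04o}:", findings or "ok")
```

On a real host, point `audit_socket` at the path configured in the pool's `listen` directive and pass the uid that nginx runs as.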